I am struggling to confirm the license requirements for Active/Standby failover on a pair of ASA5520
The devices are currently ruining version 8.4 (1) and have the VPN plus license as below:
Licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 150 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual VPN-DES : Enabled perpetual VPN-3DES-AES : Enabled perpetual Security Contexts : 2 perpetual GTP/GPRS : Disabled perpetual AnyConnect Premium Peers : 2 perpetual AnyConnect Essentials : Disabled perpetual Other VPN Peers : 750 perpetual Total VPN Peers : 750 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 2 perpetual Total UC Proxy Sessions : 2 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5520 VPN Plus license
I can see from forums and sites that for the 5505 and 5515 you definitely require the security plus license but can not see a definite answer for the 5520. When I check one of our 5515 devices which has security plus the fail-over feature still shows active/active perpetual
Starting with Version 8.3(1), failover units do not require the same license on each unit. Older versions of ASA software required that the licenses match on each unit. If you have licenses on both units, they combine into a single running failover cluster license.
The primary exception is the Security Plus license that is a prerequisite to enable failover on the low-end models.
The specific license you mention does need the 250 SSL VPN Premium user license to be present first on the unit where it is activated but that's because it is an upgrade license, not having anything to do with failover.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...