Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
5
Replies

Failover 5505 Basic License

Go to solution
Oscar Castillo
Level 1
Level 1

‎09-23-2013 01:51 AM - edited ‎03-11-2019 07:42 PM

Guys,

I have 2 ASAs, I have my own lab at home and One of the ASAs is sitting here doing nothing. Question..

Can I configure failover with basic license?

Any other idea that I can use it? I have done few projects, and I would like to use it on something else.

Any idea that comes to your guys mind? would be more than welcome to receive it.

Regards,


Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎09-23-2013 02:57 AM

Hi,

ASA5505 to my understanding doesnt support Failover with Base License.

Here is a link to a software version 8.3 section of licensing for ASA5505

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1450337

I am not sure what you are looking for specifically? Just some ideas what to use it for just so it doesnt sit there unused?

Maybe you can try out something like

  • Transparent Firewall = if you need to learn how it operates.
  • VPN Firewall = Use the ASA as a separate firewall for VPN connectivity like IPsec Client, SSL Client or Clientless SSL testing. You could even configure L2L VPN between this ASA and your current ASA5505 if you need to test something related to that. You could perhaps also use it as a entry point to your network if the main firewall would happen to fail.
  • Testing Firewall = Use it as a testing firewall to test configurations changes like NAT. I use an ASA5505 at home to test different setups people ask about here on the forums

If you had a licensed 5510 or a basic 5520 then you could probably even test Multiple Context mode.

Naturally also some of testing you could do is limited depending on whether you have a service contract for the ASA to get updated softwares for it.

- Jouni

View solution in original post

0 Helpful

Go to solution
Antonio Simoes
Level 1
Level 1

‎09-23-2013 02:57 AM

Hi,

Donate for charety. lol

Upgrade it, because with basic license you cant use failover. And even in Sec Plus license you can´t do stateful failover. Wich means, every time that a equipment of the peer fails all connection have to reestart again.

Take care,

AS

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎09-23-2013 02:57 AM

Hi,

ASA5505 to my understanding doesnt support Failover with Base License.

Here is a link to a software version 8.3 section of licensing for ASA5505

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1450337

I am not sure what you are looking for specifically? Just some ideas what to use it for just so it doesnt sit there unused?

Maybe you can try out something like

  • Transparent Firewall = if you need to learn how it operates.
  • VPN Firewall = Use the ASA as a separate firewall for VPN connectivity like IPsec Client, SSL Client or Clientless SSL testing. You could even configure L2L VPN between this ASA and your current ASA5505 if you need to test something related to that. You could perhaps also use it as a entry point to your network if the main firewall would happen to fail.
  • Testing Firewall = Use it as a testing firewall to test configurations changes like NAT. I use an ASA5505 at home to test different setups people ask about here on the forums

If you had a licensed 5510 or a basic 5520 then you could probably even test Multiple Context mode.

Naturally also some of testing you could do is limited depending on whether you have a service contract for the ASA to get updated softwares for it.

- Jouni

0 Helpful

Go to solution
Antonio Simoes
Level 1
Level 1
In response to Jouni Forss

‎09-23-2013 02:59 AM

Jouni,

We posted awnser in the same minute man....

Funny coincidence .lol

AS

0 Helpful

Go to solution
Antonio Simoes
Level 1
Level 1

‎09-23-2013 02:57 AM

Hi,

Donate for charety. lol

Upgrade it, because with basic license you cant use failover. And even in Sec Plus license you can´t do stateful failover. Wich means, every time that a equipment of the peer fails all connection have to reestart again.

Take care,

AS

0 Helpful

Go to solution
Oscar Castillo
Level 1
Level 1
In response to Antonio Simoes

‎09-23-2013 05:18 AM

I havent tried the transparent mode. Let's see how that goes.

Than you guys for your comments.

I will figure some things out with it.

Thanks,

Oscar.

0 Helpful

Go to solution
fb_webuser
Level 6
Level 6

‎09-23-2013 06:07 AM

You can check if it supports failover or not by default using show activiation-key details which should provide you with this output Failover : Disabled how ever if it supports failover , it should show something like that Failover : Active/Active perpetual

---

Posted by WebUser Marwan Hassan from Cisco Support Community App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card