Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Failover off

I have two ASA5520 which was configured for failover. We added some Anyconnect VPN licenses and it broke the failover because we didn't add the licenses to both firewalls. Now the Primary is saying that failover is off. We plan to buy the VPN licenses for the second firewall later but until we do that i am just wondering if the Primary die would it be possible to bootup the secondary and get it to work? Any help would be greatly appreciated

Thanks,

Lake

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: Failover off

Hi,

I assume that you are running software level 8.2 or below?

If I am not totally mistaken the AnyConnect Essentials could be shared with the Standby unit if your Failover pair were running 8.3 or above software. But I am not 100% sure about this but that is my understanding. Hopefully someone will correct me if infact the 8.3 software units dont share the Anyconnect Essentials license.

Though upgrading from 8.2 to 8.3 or above would mean that you would have to check if your unit has enough memory to support that and also would have to consider the completely changed NAT format.

Naturally if your main firewall breaks down you can boot up the old firewall. It should work like any other standalone firewall. I guess in that situation the only difference would be that it wouldnt have the VPN license and probably not the exact same configurations if its now offline and they arent in Failover syncing configurations.

- Jouni

3 REPLIES
Super Bronze

Re: Failover off

Hi,

I assume that you are running software level 8.2 or below?

If I am not totally mistaken the AnyConnect Essentials could be shared with the Standby unit if your Failover pair were running 8.3 or above software. But I am not 100% sure about this but that is my understanding. Hopefully someone will correct me if infact the 8.3 software units dont share the Anyconnect Essentials license.

Though upgrading from 8.2 to 8.3 or above would mean that you would have to check if your unit has enough memory to support that and also would have to consider the completely changed NAT format.

Naturally if your main firewall breaks down you can boot up the old firewall. It should work like any other standalone firewall. I guess in that situation the only difference would be that it wouldnt have the VPN license and probably not the exact same configurations if its now offline and they arent in Failover syncing configurations.

- Jouni

Failover off

That was my main question for now whether the failver would work if the Primary fails. Thank you very much.

Super Bronze

Failover off

Hi,

I assume you mean the same thing as you say in the original post? I mean that the Failover pair went down and the Secondary ASA is now not in use since the Failover doesnt work and IF the currently used unit would break you would then boot up/power up the Secondary unit to take its place.

- Jouni

76
Views
0
Helpful
3
Replies
CreatePlease login to create content