cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1108
Views
0
Helpful
7
Replies

Installing additional ASA feature licences

Anh-Quan Le
Level 1
Level 1

We currently have an ASA 5512x failolver pair in production running security plus licences (see below).  We recenly purchased 2 Anyconnect Mobility licences and I am tasked with installing them on the appliances.  I have redeemed the PAKs accociated with these licences and received the activation keys.  Will applying these activation key's "merge" with the existing security plus licences or will it overwrite them and we will lose functionality\features ?  We require both the security plus and anyconnect for mobile functionality.

Thanks for the clarification

EXISTING INSTALLED LICENCES

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 250            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual

This platform has an ASA 5512 Security Plus license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : 250            perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 4              perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual

This platform has an ASA 5512 Security Plus license.

The flash permanent activation key is the SAME as the running permanent key.

MOBILITY ACTIVATION KEY

Product Authorization Key : XXXXXX

Failover : Disabled

Encryption-DES : Enabled

Encryption-3DES-AES : Disabled

Security Contexts : Default

GTP/GPRS : Disabled

AnyConnect Premium Peers : Default

Other VPN Peers : Default

Advanced Endpoint Assessment : Disabled

AnyConnect for Mobile : Enabled

AnyConnect for Cisco VPN Phone : Disabled

Shared AnyConnect Premium License server : Disabled

Shared License : Disabled

UC Phone Proxy Sessions : Default

Total UC Proxy Sessions : Default

AnyConnect Essentials : Disabled

Botnet Traffic Filter : Disabled

Intercompany Media Engine : Disabled

IPS Module : Disabled

Cluster License : Disabled

7 Replies 7

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Usually the ASA tells which currently enabled licenses might be disabled due to entering/confirming the Actication Key.

To me it seems strange that in the above text it states that Failover and the 3DES/AES Encryption is disabled?

- Jouni

sooprasa
Level 1
Level 1

Hi Aah,

Installing the Any connect license will not override the existing Security plus license. You can go ahead and install it without any fear.

Sent from Cisco Technical Support Android App

I disabled failover on the 2nd passive ASA and installed the new activation key (generated from the Anyconnect mobility PAK) on the ASA and reloaded.  The key did not merge with the exististing security plus license.  It overworte the license with a Base license that included Any Connect Mobility functionality.  We lost all security plus features.  I had to revert to my original activation key.

AnyConnect for Mobile is only required on one of the members in an 8.3 or later installation (as are all X series since they require 8.6 or later). I've put a couple of these on and they've never had any impact on the other licensed features.

I suspect someone may have either ordered the wrong SKU or issued an incorrect license. You should open a TAC case and ask for the Global licensing team to resolve.

Hi,

There was a similiar situation here on the forums few days ago.

A user was provided the wrong license which activated the licensing for some new feature on the ASA but disabled an existing one.

You should contact the people through which you aquired the license and ask this to be corrected.

- Jouni

If Jouni and I come to the same conclusion within the same minute across 6 time zones it must be the right answer.

Good Day

Can you help me ? i was wondering If you have your configuration of both ASA HA in Active/Active mode or Active/Stand-by mode ?

I'm asking that because i saw in your command output Failover :     Active/Active perpetual

Thanks

Wilson Veliz

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: