My company has bought from Cisco two L-ASA5510-SEC-PL= licenses for two ASAs and I have to configure these two ASAs in active/standby mode for redundancy. During the active/standby configuration wizard I got a message telling that these two ASAs does not have the same number of SSL VPN licenses and the wizard fails.
One ASA has 2 SSL VPN (the default lincenses) licenses and the other ASA has 25 SSL VPN licenses.
Is there any solution for this issue except the one to buy 25 SSL VPN licenses for the first ASA ?
It seems strange, but is there any possibility to decrease the number of SSL VPN linceses for the second ASA ??
Re: Need to configure two ASAs in active/standby mode
You can raise a TAC ticket to have them re-issue your activation key -23 SSL licenses, in any kind of failover setup - both devices must be identical in the following:-
The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. On the ASA security appliance platform, at least one of the units must have an unrestricted (UR) license.
The licensed features (such as SSL VPN peers or security contexts) on both security appliances that participate in failover must be identical.
So either by more SSL licenses or downgrade.....all depends on if you are going to SSL at a later date.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...