Upgrade the ASA-5505 after the SecPlus is installed.
I have several ASA-5505 units with the SecurityPlus license. These are running older OS versions and I would like to upgrade them. I am wondering if I will lose the SecurityPlus if I upgrade the image to 8.3
Re: Upgrade the ASA-5505 after the SecPlus is installed.
The activation-key is only good for that chassis alone. For this reason, when you wanted to have the new activation-key that comes with SecPlus, the Cisco website requested you to enter the chassis serial number. Otherwise, every Tom Dick and Harry who has a Cisco ASA 5505 will enjoy SecPlus features for FREE, if they were to get hold of your SecPlus activation-key :-)
Hence, your objective to have a hot-swap device on standby just in case, the unit goes down cannot be achieved unless your spare units too have its' own SecPlus license enabled. Alternatively, you might wanna consider running your Cisco ASA 5505 in Active/Standby failover provided both the chassis has SecPlus license enabled.
Unfortunately, Cisco doesn't provide demo license for SecPlus. Otherwise, you could load that demo license in your spare chassis. I know this for a fact, as I've asked Cisco for this 1,000 times in the past.
If you were to ask me, why don't you signed up a support Maintenance Contract with a local Cisco Gold Partner. These partners will have various Cisco ASA models with SecPlus readily available in their store, just waiting to be deployed, in the event of a P1 case logged.
Note: If you're new to Cisco ASA, I wouldn't recommend you to upgrade to 8.3 and above for now. The syntax for NATs and objects have changed so dramatically, it's rather confusing at first. Just stick to version 8.2.4 max (not even 8.2.5 ~ very buggy). However, if you're comfortable with software version 8.3 and above, then it's always good to have the latest stabile Cisco software version in your FW.
P/S: If you think this comment is useful, please do rate it nicely :-)
Ramraj Sivagnanam Sivajanam
Technical Specialist/Service Delivery Manager – Managed Service Department
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :