Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS license in Active/Active ASA 5545-X failover pair

Hello All,

I am wondering if I need to buy just one IPS feature (not subscription) license for my ASA 5545X failover pair, so they will combine (as for instance security context licenses do) or I need to buy two IPS licenses in total, separately for each failover unit?

I am also wondering if restart will be required while applying IPS license on one of the failover units.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: IPS license in Active/Active ASA 5545-X failover pair

That is correct, each ASA will need an IPS license.

Regards,

Felipe.

Remember to rate useful posts.

4 REPLIES
New Member

IPS license in Active/Active ASA 5545-X failover pair

Anybody can help?

Bronze

IPS license in Active/Active ASA 5545-X failover pair

Hello,

I'm more familiar with the hardware IPS than with the software based IPS, but found this:

IPS Module License.

Note The  IPS module license lets you run the IPS software module on the ASA. You  must also purchase a separate IPS signature subscription; for failover,  purchase a subscription for each unit. To obtain IPS signature support,  you must purchase the ASA with IPS pre-installed (the part number must  include "IPS"). The combined failover cluster license does not let you  pair non-IPS and IPS units. For example, if you buy the IPS version of  the ASA 5515-X (part number ASA5515-IPS-K9) and try to make a failover  pair with a non-IPS version (part number ASA5515-K9), then you will not  be able to obtain IPS signature updates for the ASA5515-K9 unit, even  though it has an IPS module license inherited from the other unit.

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/modules_ips.html#wp1104578

I hope it helps,

Regards,

Felipe.

Remember to rate useful posts.

New Member

Re: IPS license in Active/Active ASA 5545-X failover pair

Thanks!

"The combined failover cluster license does not let you pair non-IPS and IPS units."

Does it mean that I need two separate feature licenses on each ASA unit?


Sent from Cisco Technical Support iPhone App

Bronze

Re: IPS license in Active/Active ASA 5545-X failover pair

That is correct, each ASA will need an IPS license.

Regards,

Felipe.

Remember to rate useful posts.

1387
Views
0
Helpful
4
Replies