04-12-2007 10:52 PM - edited 02-21-2020 01:29 AM
I have 2 questions:
1. I have 2 x ASA firewalls with different licenses.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0018.195b.ccfa, irq 9
1: Ext: Ethernet0/1 : address is 0018.195b.ccfb, irq 9
2: Ext: Ethernet0/2 : address is 0018.195b.ccfc, irq 9
3: Ext: Ethernet0/3 : address is 0018.195b.ccfd, irq 9
4: Ext: Management0/0 : address is 0018.195b.ccf9, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
This platform has a Base license.
1. In the first output you can see Active/Active failover, even though I have configured Active/Standby. Why?
2. In the first output you can see that the platform has a VPN Plus license, but the second one has a Base license. How is it related to the ASA system IOS? Or does it not depend on the ASA IOS? And licenses are burned to some chip on the ASA, maybe? Can somebody give me a link with more information about that?
Thanks
04-16-2007 02:59 PM
1 - Active/Active means the device is "capable" of participating in a cluster. It doesn't mean it is currently doing so.
2 - VPN Plus determines the number of simultaneous VPN peers, 750 vs 250 on the standard.
04-17-2007 04:29 AM
Leo
For your first question, Mark got it exactly: it is reporting what the license is capable of, not reporting what you have configured it to do.
For your second question, Cisco has adopted a somewhat different approach with the ASA code as compared to router code in which the feature set determines what capabilities are enabled. In the ASA I believe all the capabilities are included in the code but only features within your license are activated. If you were to upgrade the license I believe that you would get more features available without needing to change the code.
HTH
Rick
04-17-2007 10:15 AM
Leo,
As Rick says, there is only one version of PIX/ASA software for each release. Individual features are enabled by a licence key. So what I meant to say was that the 1st device has a licence which gives the capability of 750 simultaneous VPN connections, whilst the 2nd can only have 250. The 2nd device also supports fewer VLANs and only one context.
All these features can be upgraded with a new licence key and a reboot, no new software would be required.
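The replies explain that `show version` reports what the licence key permits, not what is configured. As an added example (not part of the thread), this Python script parses the licensed-features block of the two outputs quoted in the question and lists where the units differ; the function names `parse_license` and `diff_licenses` are hypothetical.

```python
import re

# Sample input: the two "Licensed features" blocks copied from the question.
UNIT_A = """Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license."""
UNIT_B = """Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
This platform has a Base license."""

def parse_license(text):
    """Return (features dict, license name) from `show version` text."""
    features, name, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"This platform has an? (.+?) license\.?$", line)
        if line.startswith("Licensed features"):
            in_block = True            # feature lines follow this header
        elif m:
            name, in_block = m.group(1), False   # license name ends the block
        elif in_block and ":" in line:
            key, _, value = line.partition(":")
            features[key.strip()] = value.strip()
    return features, name

def diff_licenses(a, b):
    """Map each feature that differs to its (unit A, unit B) values."""
    fa, fb = parse_license(a)[0], parse_license(b)[0]
    keys = sorted(set(fa) | set(fb))
    return {k: (fa.get(k), fb.get(k)) for k in keys if fa.get(k) != fb.get(k)}
```

Calling `diff_licenses(UNIT_A, UNIT_B)` returns only the licensed limits that differ between the two units, which is the comparison the replies make by eye.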