Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
556
Views
0
Helpful
3
Replies

Anyconnect SSL Premium License not stackable

Go to solution
Yi Fan XU
Level 1
Level 1

‎07-14-2014 03:36 AM - edited ‎02-21-2020 07:43 PM

Hi, first of all, thanks for reading my input.

 

Recently have issue regarding SSL license activation.

Customer purchase L-ASA-SSL-50= and L-ASA-SSL-250= for their ASA5540 to support 300 peers.

I fulfill the two PAK keys together separated by commas, but I only get one activation key for 50 peers.

TAC reply 250 license can't be showed due to system detect there is 50 license already.

Meaning 250= and 50= can not be stacked together to achieve 300.

I searched around to find Cisco doc regarding this behavior, but no luck.

Does anyone have read such Cisco doc somewhere?

 

Now Cisco can re-add the 250= license and remove 50=.

But I am not sure if this re-add 250= can overwrite 50= installed at ASA.

Does anyone have similar case?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Yi Fan XU

‎07-14-2014 06:59 PM

My source is some partner training collateral.

There is a small reference to this behavior in the following location:

http://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/67909-ssl-vpnclient-faq.html#lice

I've not performed the exact upgrade you're talking about but, generally speaking, an ASA license is conveyed and implemented via an activation key that is generated by Cisco's internal system and, when installed, it will result in the appliance reflecting the purchased license level - assuming that it was purchased correctly of course.

Your reseller should be able to advise you on the correct path.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-14-2014 03:35 PM

You cannot stack two separate licenses for AnyConnect Premium. You have to order the appropriate base or upgrade part number that meets your licensing needs.

There is no 300 peer licensing level. After 250, the next level would be 500.

Following are the available Upgrade Part Numbers: L-ASA-SSL-10-25, L-ASA-SSL-25-50, L-ASA-SSL-50-100, L-ASA-SSL-100-250, L-ASA-SSL-100-500, L-ASA-SSL-100-750, L-ASA-SSL-100-1K, L-ASA-SSL-250-500, L-ASA-SSL-500-750, L-ASA-SSL-500-5K, L-ASA-SSL-750-1K, L-ASA-SSL-1K-2500, L-ASA-SSL-2500-5K, L-ASA-SSL-5K-10K.

 

0 Helpful

Go to solution
Yi Fan XU
Level 1
Level 1
In response to Marvin Rhoads

‎07-14-2014 04:47 PM

Thanks Marvin!

Does Cisco have any doc regarding this non-stack behavior?

As mentioned, Cisco can re-add 250= and remove 50=.

But I am worry if I can install that re-add 250=.

Because even Cisco can remove 50= at their system, the ASA still has that 50= installed.

Do you have such experience?

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Yi Fan XU

‎07-14-2014 06:59 PM

My source is some partner training collateral.

There is a small reference to this behavior in the following location:

http://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/67909-ssl-vpnclient-faq.html#lice

I've not performed the exact upgrade you're talking about but, generally speaking, an ASA license is conveyed and implemented via an activation key that is generated by Cisco's internal system and, when installed, it will result in the appliance reflecting the purchased license level - assuming that it was purchased correctly of course.

Your reseller should be able to advise you on the correct path.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents