07-14-2014 03:36 AM - edited 02-21-2020 07:43 PM
Hi, first of all, thanks for reading my input.
Recently have issue regarding SSL license activation.
Customer purchase L-ASA-SSL-50= and L-ASA-SSL-250= for their ASA5540 to support 300 peers.
I fulfill the two PAK keys together separated by commas, but I only get one activation key for 50 peers.
TAC reply 250 license can't be showed due to system detect there is 50 license already.
Meaning 250= and 50= can not be stacked together to achieve 300.
I searched around to find Cisco doc regarding this behavior, but no luck.
Does anyone have read such Cisco doc somewhere?
Now Cisco can re-add the 250= license and remove 50=.
But I am not sure if this re-add 250= can overwrite 50= installed at ASA.
Does anyone have similar case?
Solved! Go to Solution.
07-14-2014 06:59 PM
My source is some partner training collateral.
There is a small reference to this behavior in the following location:
http://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/67909-ssl-vpnclient-faq.html#lice
I've not performed the exact upgrade you're talking about but, generally speaking, an ASA license is conveyed and implemented via an activation key that is generated by Cisco's internal system and, when installed, it will result in the appliance reflecting the purchased license level - assuming that it was purchased correctly of course.
Your reseller should be able to advise you on the correct path.
07-14-2014 03:35 PM
You cannot stack two separate licenses for AnyConnect Premium. You have to order the appropriate base or upgrade part number that meets your licensing needs.
There is no 300 peer licensing level. After 250, the next level would be 500.
Following are the available Upgrade Part Numbers: L-ASA-SSL-10-25, L-ASA-SSL-25-50, L-ASA-SSL-50-100, L-ASA-SSL-100-250, L-ASA-SSL-100-500, L-ASA-SSL-100-750, L-ASA-SSL-100-1K, L-ASA-SSL-250-500, L-ASA-SSL-500-750, L-ASA-SSL-500-5K, L-ASA-SSL-750-1K, L-ASA-SSL-1K-2500, L-ASA-SSL-2500-5K, L-ASA-SSL-5K-10K.
07-14-2014 04:47 PM
Thanks Marvin!
Does Cisco have any doc regarding this non-stack behavior?
As mentioned, Cisco can re-add 250= and remove 50=.
But I am worry if I can install that re-add 250=.
Because even Cisco can remove 50= at their system, the ASA still has that 50= installed.
Do you have such experience?
07-14-2014 06:59 PM
My source is some partner training collateral.
There is a small reference to this behavior in the following location:
http://www.cisco.com/c/en/us/support/docs/security/ios-sslvpn/67909-ssl-vpnclient-faq.html#lice
I've not performed the exact upgrade you're talking about but, generally speaking, an ASA license is conveyed and implemented via an activation key that is generated by Cisco's internal system and, when installed, it will result in the appliance reflecting the purchased license level - assuming that it was purchased correctly of course.
Your reseller should be able to advise you on the correct path.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: