I have 2 5510 ASA's and I'm in a pinch with needing a failover ASA to put in. I have a testing ASA I need to put in as a standby firewall in an Active/Standby scenario but this ASA has a 10 user SSL VPN license applied. My primary ASA that I'm setting this up with only has the standard 2 user and the HA config wizard fails when I'm running through it. The message I get is "License compatibility test for number of clientless SSL VPN peers failed." How can I deactivate the 10 user license on my testing unit so I can bring it in as a failover?
In your scenario it is best to upgrade your ASAs to a version of 8.3+
There both ASAs don't need to have the same licenses. Instead the licenses of both ASAs are counted together. The downside of this solution is that you probably need more RAM. But in the end it could be cheaper then buying SSL-licenses for both ASAs.
Karsten, I would upgrade to 8.3 but I've experienced problems with this last week when trying to upgrade, already. After upgrading to some flavor of 8.4 (8.4.3 I think) SMTP would no longer pass through the ASA. Without going in to crazy details about it all, I dropped back to another ASA we have that I was waiting to deploy for other functions, and to the same IOS rev of 8.2.2 before I upgraded with a backup of my config. The testing ASA has been sitting around to play with SSL and other functions and now the boss wants failover active so my test ASA goes away. So my test ASA is now going to be a FO until I can get my original primary back online w an upgraded IOS testing everything first, and what's now my running ASA becomes the failover...and then I get my test ASA back and can put the SSL VPN key back on it. Yes, a whirlwind of sorts.
I used Jennifer's recommendation and have contacted Cisco licensing for a new activation key and am waiting for them to get back to me.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...