Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
803
Views
0
Helpful
1
Replies

anyconnect license question

Go to solution
Eric Shartle
Level 1
Level 1

‎01-04-2016 02:55 PM - edited ‎03-12-2019 12:06 AM

Hi all,

I have 2 ASA-5510s running 8.2.5-58 running in Active/Standby.

I bought a single AnyConnect Essentials license, registered to one of my ASA firewall serial numbers, and installed it....but it disabled my failover with this message:

activation-key xxxxxx xxxxxxxx xxxxxxxx xxxxxxx xxxxxxxx
Validating activation key. This may take a few minutes...
Mate's license (AnyConnect Essentials Disabled) is not compatible with my license (AnyConnect Essentials Enabled). Failover will be disabled.

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.


**********************************************************************
WARNING: AnyConnect Essentials license active. Basic VPN support is
in effect. For specific details, please refer to Cisco AnyConnect VPN
Client Administrator Guide.
**********************************************************************

Both running and flash activation keys were updated with the requested key.
FIrewall(config)# exit

I confirmed failover is now disabled:

Firewall# sh failover
Failover Off
Failover unit Secondary
Failover LAN Interface: FAILOVER Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 110 maximum

How do I get failover capability back?  Do I need to do anything with the Anyconnect license on the Standby unit?

Thanks,

Eric

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎01-04-2016 03:20 PM

Up to ASA version 8.2, both units in a failover setup needed the same licenses as a prerequisite to failover. This changed with 8.3 and higher. You have three options here:

  1. Buy a license for the secondary unit. But I'm not sure if thats available any more.
  2. Upgrade to 8.3 or higher. For that, your ASAs need 1Gig of RAM and the config-migration is typically a pain.
  3. Buy an AnyConnect 4 Plus License (link is in the other post where I didn't expect that you run this old software).

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎01-04-2016 03:20 PM

Up to ASA version 8.2, both units in a failover setup needed the same licenses as a prerequisite to failover. This changed with 8.3 and higher. You have three options here:

  1. Buy a license for the secondary unit. But I'm not sure if thats available any more.
  2. Upgrade to 8.3 or higher. For that, your ASAs need 1Gig of RAM and the config-migration is typically a pain.
  3. Buy an AnyConnect 4 Plus License (link is in the other post where I didn't expect that you run this old software).
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card