cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1965
Views
0
Helpful
7
Replies
Beginner

ASA security context in HA cluster

hi out there

I have a active-active setup with 2 cisco asa 5585x running 8.4 - the boxes ahve each 2 sec context's build-in - which gives 4 sec context in the cluster. I have 2 x 5 extra licenses (2 x ASA5500-SC-5)  which I haven't applied yet - will this give me a total of 10 or 14 security contextes? I am a bit in doubt because if I only get 10 sec contextes in this cluster then could I instead get a single 10 security context license (1 x ASA5500-SC-10) and add this - hereby I would get 12 then.  

best regards /ti               

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA security context in HA cluster

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

7 REPLIES 7
Cisco Employee

ASA security context in HA cluster

When you apply the 5 extra licenses x2, it will give you a total of 10 security context.

If you are getting a single 10 security context license, it will give you a total of 12 security context.

Beginner

When you apply the 5 extra

When you apply the 5 extra licenses x2, it will give you a total of 10 security context. - What about the 2 built-in security contexts? it should be 12 total contexts right?

Highlighted
Beginner

or it should be 14 total

or it should be 14 total contexts?
 

Beginner

nope - you have to consider

nope - you have to consider how you upgrade - when you apply a 10 sec license the box has 10 sec contextes - not 12 - so in a HA cluster (with 2 phys boxes)  where you apply this to a single host you have 10+2 not 12+2

if you apply this in another way where you but 2 x 5 upgrades for both boxes then you waste 2 contextes

 

and if you similar apply a 10 sec context to the first box and afterwards a 5 context upgrade to the second box you have 15 and not 17 or 19 sec liceses

 

so - before you start upgrade - conside what you want - if you apply it wrong or buy it wrong you are in trouble ;-)

 

 

Beginner

let's say I have 5515-X_1

let's say I have 5515-X_1 without a security context license. And I have another 5515-X_2 with 5 security contexts license. So the total security contexts for ACTIVE/ACTIVE is still 5 total contexts instead of 7. The two built-in security context in 5515-X_1 does not count. Would you know why cisco design this licensing this way?

Hall of Fame Master

It's that way for the reason

It's that way for the reason I noted below - 

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.

Hall of Fame Master

The two "built-in" contexts

The two "built-in" contexts are not really intended as customer contexts. They are intended as system and admin contexts. Thus they are not additive in an HA multi-context scenario.