cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


309
Views
0
Helpful
4
Replies
Frequent Contributor

Does All the Licenses need to match while Replacing Failed Primary Unit

Current Sec Active ASA

 

show activation-key
Serial Number:  JMX1422L135
Running Activation Key: 0xe702e159 0x00279cbc 0x10807924 0xb9d4ccc0 0xcc2a3182

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 250
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 5000
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5550 VPN Premium license.

The flash activation key is the SAME as the running key.

 

 

Replacement for Failed Primary Unit

 


Running Permanent Activation Key: 0x5000fe74 0x943d21b3 0x70b02db0 0x9bb828a4 0x                                                                                                                                                             4c2a10a1

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 400            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5550 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 400            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 4              perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5550 VPN Premium license.

The Running Activation Key feature: 10000 AnyConnect Premium sessions exceed the                                                                                                                                                              limit on the platform, reduced to 5000 AnyConnect Premium sessions.

The flash permanent activation key is the SAME as the running permanent key.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: Does All the Licenses need to match while Replacing Failed Primary Unit

Mostly yes, with AnyConnect being an exception (assuming this is a modern version of ASA software).  Really old versions everything had to be identical.

 

Note if you are replacing an ASA in a failover pair they must both be identical models.

 

If you have had an RMA unit you should be able to use the RMA licence transfer tool to transfer the licences from the old ASA to the new ASA.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118000-technote-esa-00.html

4 REPLIES 4
VIP Advisor

Re: Does All the Licenses need to match while Replacing Failed Primary Unit

Mostly yes, with AnyConnect being an exception (assuming this is a modern version of ASA software).  Really old versions everything had to be identical.

 

Note if you are replacing an ASA in a failover pair they must both be identical models.

 

If you have had an RMA unit you should be able to use the RMA licence transfer tool to transfer the licences from the old ASA to the new ASA.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118000-technote-esa-00.html

Highlighted
Frequent Contributor

Re: Does All the Licenses need to match while Replacing Failed Primary Unit

Models are identical.

Need to confirm from you with current output of ASA will license feature ok?

Can I delete the anyconnect license from the ASA which will be replacing the failed Primary?

Please confirm if Current Lic feature will work or not?

Frequent Contributor

Re: Does All the Licenses need to match while Replacing Failed Primary Unit

Also Current Sec Active ASA has old version 8.2.5

Frequent Contributor

Re: Does All the Licenses need to match while Replacing Failed Primary Unit

Current Sec Active has code 8.2 does all  licenses need to match in this code?

my primary asa has all same license except the new primary has anyconnect.

 

will it work?