08-14-2013 08:08 AM - last edited on 03-25-2019 05:51 PM by ciscomoderator
We currently have an ASA 5512x failolver pair in production running security plus licences (see below). We recenly purchased 2 Anyconnect Mobility licences and I am tasked with installing them on the appliances. I have redeemed the PAKs accociated with these licences and received the activation keys. Will applying these activation key's "merge" with the existing security plus licences or will it overwrite them and we will lose functionality\features ? We require both the security plus and anyconnect for mobile functionality.
Thanks for the clarification
EXISTING INSTALLED LICENCES
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA 5512 Security Plus license.
Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 4 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 4 perpetual
Total UC Proxy Sessions : 4 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA 5512 Security Plus license.
The flash permanent activation key is the SAME as the running permanent key.
MOBILITY ACTIVATION KEY
Product Authorization Key : XXXXXX
Failover : Disabled
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : Default
GTP/GPRS : Disabled
AnyConnect Premium Peers : Default
Other VPN Peers : Default
Advanced Endpoint Assessment : Disabled
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Disabled
Shared AnyConnect Premium License server : Disabled
Shared License : Disabled
UC Phone Proxy Sessions : Default
Total UC Proxy Sessions : Default
AnyConnect Essentials : Disabled
Botnet Traffic Filter : Disabled
Intercompany Media Engine : Disabled
IPS Module : Disabled
Cluster License : Disabled
08-14-2013 08:21 AM
Hi,
Usually the ASA tells which currently enabled licenses might be disabled due to entering/confirming the Actication Key.
To me it seems strange that in the above text it states that Failover and the 3DES/AES Encryption is disabled?
- Jouni
08-14-2013 10:59 AM
Hi Aah,
Installing the Any connect license will not override the existing Security plus license. You can go ahead and install it without any fear.
Sent from Cisco Technical Support Android App
08-14-2013 07:31 PM
I disabled failover on the 2nd passive ASA and installed the new activation key (generated from the Anyconnect mobility PAK) on the ASA and reloaded. The key did not merge with the exististing security plus license. It overworte the license with a Base license that included Any Connect Mobility functionality. We lost all security plus features. I had to revert to my original activation key.
08-14-2013 08:53 PM
AnyConnect for Mobile is only required on one of the members in an 8.3 or later installation (as are all X series since they require 8.6 or later). I've put a couple of these on and they've never had any impact on the other licensed features.
I suspect someone may have either ordered the wrong SKU or issued an incorrect license. You should open a TAC case and ask for the Global licensing team to resolve.
08-14-2013 08:54 PM
Hi,
There was a similiar situation here on the forums few days ago.
A user was provided the wrong license which activated the licensing for some new feature on the ASA but disabled an existing one.
You should contact the people through which you aquired the license and ask this to be corrected.
- Jouni
08-14-2013 08:57 PM
If Jouni and I come to the same conclusion within the same minute across 6 time zones it must be the right answer.
01-06-2014 12:09 PM
Good Day
Can you help me ? i was wondering If you have your configuration of both ASA HA in Active/Active mode or Active/Stand-by mode ?
I'm asking that because i saw in your command output Failover : Active/Active perpetual
Thanks
Wilson Veliz
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide