Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
8
Helpful
3
Replies

5510 Failover Implementation

mohamedjasren
Level 1
Level 1

‎09-15-2013 08:26 PM - edited ‎03-11-2019 07:38 PM

hi,

to implemantation failover on ASA 5510 need to use the same model with 5510 with same IPS module also same license.

my question is;

1. can i use the same license on 8.2 for both unit?

2. what type of license need to use for failover? example, Security Plus license.

3. if running on 8.3, the license for ASA can be share right? mean just buying 1 license only?

4. if running IPS module, both unit need to buy license??

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎09-15-2013 11:26 PM

Hi,

To my understanding the things are in the following way

1.) You will have to have an identical licenses on an ASA Failover pair if you are running 8.2 or below software level

2.) Both ASA5510 will require the Security Plus license, even with the 8.3 or above software since it enables Failover capabilities.

3.) To my understanding licenses like VPN user licenses will be shared between the Failover units even if only one unit has the license (when running 8.3 or above)

4.)  To my understanding both ASA units would have to have the IPS module but the IPS modules dont automatically replicated configurations. I can't say anything for sure regarding the IPS module as we use different devices for IPS functionality so I dont really have any expirience with them.

Here is link to one document section explaining the 8.3 changes to Failover licensing

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1455081

- Jouni

mohamedjasren
Level 1
Level 1
In response to Jouni Forss

‎09-16-2013 12:45 AM

thanks JouniForss,

no 3. when asa running version 8.3 and just buy security plus license for primary and secondary no need to buy the license?     

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to mohamedjasren

‎09-16-2013 01:05 AM

Hi,

To my understanding you need Security Plus license for both ASA5510 units as its the requirement for to use Failover.

If the Failover doesnt work to begin with there is no way to share other licenses between units.

Check this document section about different capabilities of the original ASA5510 model

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1451043

With Base License it lists that Failover is not supported. But on Security Plus license both Active/Standby and Active/Active is supported.

So to me it seems that if you want to use ASA5510 models as Failover pair you would need Security Plus license on both.

- Jouni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card