Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
838
Views
0
Helpful
4
Replies

Anyconnect user license upgrade on Cisco ASA 5520 8.2.5 failover pair

Lovleen Arora
Level 1
Level 1

‎03-26-2017 04:05 PM - edited ‎03-12-2019 02:07 AM

Hi,

 Thanks in advance.

I need to know how do i apply this new activation key?

same activation key to both ASAs?

first apply it to Cisco ASA Secondary standby and reload it.

and then failover to secondary and make it active.

and then apply the same activation-key to primary standby and reload it.

Please confirm?

Many thanks

Lovleen

Labels:
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-26-2017 05:57 PM

An activation key is only issued to a specific device with a specific serial number.  The same key can not be applied to two different ASA's, clustered or otherwise.

I typically buy a licence for each ASA, to keep them matching.  However in this case, as long as your software is not too old, applying the licence on one will allow both members of the failover cluster to see and use it.

8.2(5) is what I would call bordering on "ancient".  If you have a Cisco maintenance contract, like SmartNet, you should upgrading to something like asa917-15-k8.bin.

Also note the 5520 is going "fully" end of support next year.  If you don't currently have a Cisco maintenance contract then you wont be allowed to buy one now.
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eol_C51-727279.html

You should consider upgrading to something like an ASA 5516-X.
http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html

You could also consider the newer Firepower 2100 series.
http://www.cisco.com/c/en/us/products/security/firepower-2100-series/index.html

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-26-2017 09:22 PM

Note that if you purchased a new AnyConnect 4.x license the PAK can be redeemed for multiple appliances. That's because the new licensing scheme is per unique user vs. per ASA. You will still need a unique activation key per appliance  

The exception is the VPN-O license type. Those are issued for one appliance only. 

0 Helpful

Lovleen Arora
Level 1
Level 1
In response to Marvin Rhoads

‎03-27-2017 01:06 PM

We have bought a L-AC-PLS-1Y-S3 license.

i need to know how do i apply it to the Cisco ASA 5520 HA pair (active/standby). thanks

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to Lovleen Arora

‎03-27-2017 03:29 PM

Just go to cisco.com/go/license and redeem your PAK to get your activation key. Once you receive the activation key, apply it to the active (usually primary) ASA using the CLI command "activation-key xxxx-xxxx". You can also apply the activation key using ASDM. You do not need to apply it to both ASA's in your active/standby pair.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card