04-10-2013 05:12 PM - edited 03-11-2019 06:26 PM
Hi, I have a 5510 with security plus on 7.2(3) and I am looking to pick up an economical 2nd unit on eBay to configure as an HA pair A/S. Of course there are quite a few on offer, and the one I am looking at matches fairly closely. My question for the board is how particular is the licensing when comes time to pair them up? Both are Security Plus, and I don't understand why the discrepancies in Max VLAN, security contexts, and a couple of the other parameters.
My reading abt the licensing doesn't indicate different levels of security plus e.g. Max VLAN is just stated as 100. I am thinking that is because the #2 is on 7.0(3). Maybe some of those features were increased in the later versions? But I have no way of checking until I buy it--
The plan will be to upgrade both to 8.2 and bump mine to 1GB to match ... just wanted to make sure I wouldn't be in a situation where they wouldn't pair for some reason. Thanks in advance
Mine
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
This platform has an ASA 5510 Security Plus license.
Proposed#2
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 150
This platform has an ASA 5510 Security Plus license.
Solved! Go to Solution.
04-10-2013 05:25 PM
Hello,
Indeed there are some differences that you must fix in order to be able to have a failover pair BUT as you will be increasing the memory.. why dont you go to 8.3 as the licenses restriction will disappear for failover purposes,
the units will now share it instead of compare them
regards
04-10-2013 05:25 PM
Hello,
Indeed there are some differences that you must fix in order to be able to have a failover pair BUT as you will be increasing the memory.. why dont you go to 8.3 as the licenses restriction will disappear for failover purposes,
the units will now share it instead of compare them
regards
04-10-2013 08:22 PM
Thank you for the reply. Yes it's the pros and cons isn't it - I have only this one ASA to support and had read some threads about 8.3 being more of a major/breaking changes kind of upgrade. So... I was thinking of only going to 8.2 so as not to have that fight.
But if the licensing is going to be a stumbling block I will definitely consider it (8.3).
I just did some more searching and found Table 10 at the following link which shows the release history http://www.cisco.com/en/US/docs/security/asa/asa80/license/license80.html#wp95122
This explains the Maximum VLANs for example, and I would expect it to jump up to 100 on the newer release. Also the WebVPN. I suspect security contexts will jump up to 2 with the newer release also, but i can't confirm that from the table. Was there any specific item you thought might need a license to be purchased separately from the Security Plus?
04-10-2013 09:50 PM
Read enough posts and eventually things become clear. https://supportforums.cisco.com/thread/2195557
This guy was looking at a similar scenario with respect to the numbers. He was on 7.0(8) and was showing 0 security contexts, upgrading to 8.0(5) broke the logjam. I can see his output after 8.0(5) matches mine, except for the addition of the AnyConnect lines.
Security contexts were introduced in 7.0(1) http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp130567
so I'm kinda surprised they weren't showing up until he loaded 8.0, but who knows.
I will leave this open for another couple days in case anyone has other comments, but I am pretty comfortable going ahead after what I've read, and as you say if it goes balls up I can always go to 8.3 and replicate the licenses.
04-10-2013 11:08 PM
Hello,
Sure, do what you want It's all about you feeling confortable with the solution,
regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide