Solved: ASA 5520 8.2 licensing

bapatsubodh · ‎08-23-2011

Hi,

If we are having 8.2 code running on the 5520 ASA in active / failover mode. Do we need duplicate licenses for failover appliances also for VPN,SSL etc?

If we have 8.3 code then what is the licensing difference.

Thanks

Subodh

Maykol Rojas · ‎08-24-2011

Hi,

Yes, once you do the upgrade to 8.3, the configuration should migrate automatically. For Zero downtime upgrade on failover pairs, please refer to the following guide...

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398

Thanks!

Mike

View solution in original post

Mohammad Alhyari · ‎08-23-2011

with 8.2 two the two license need to be exactly matching on the two failover units .

8.3 and later , you need to have the license on the primary unit only:

In Version 8.3(1) and later, failover units do not require the same license on each unit. For earlier versions, see the licensing document for your version.

Failover License Requirements

•Failover units do not require the same license on each unit.

Older versions of adaptive security appliance software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.

•For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.

for more info please visit this link :

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1455081

cheers .

bapatsubodh · ‎08-23-2011

Hi Alhyari,

Thanks for immediate reply. What if we downgrade the code from 8.3 to 8.2? Do we need to purchse seperate licenses for 8.2 version.

Also what is the way to find out what were the licenses on original 8.3 code that is shipped?

Is it possible to reload the ASA with 8.3 code which is available in flash memory and then use show ver command to see the licenses?

Or the licenses are entered separately after you have booted with 8.3 code?

Thakns

Subodh

Maykol Rojas · ‎08-23-2011

If you dowgrade, then yes, you will need to purchase two licenses, one from the active and one for the standby, if you are in 8.3, you only need to purchase 1.

Another thing is that if you already applied the activation key on the units, wether if you are in 8.3 or 8.4 the features will remain there as the activation key is stored on flash.

Hope this helps.

Mike

bapatsubodh · ‎08-24-2011

Hi

Thanks for help. Now if we need to go back to 8.3 code from 8.2.

After upgrade is done. (Copy 8.3 code in flash and set the boot path tot his file. Then reload the device.)

"For the first time 8.3 will convert the exisitng configuration to new syntax that 8.3 uses" is this true.

Also if already two ASA are in failover can this be done with minimum downtime.

Thanks

Subodh

Maykol Rojas · ‎08-24-2011

Hi,

Yes, once you do the upgrade to 8.3, the configuration should migrate automatically. For Zero downtime upgrade on failover pairs, please refer to the following guide...

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398

Thanks!

Mike

varrao · ‎08-24-2011

Yes, I agree with Mike, but whenever you are upgrading to version 8.3 you should have some downtime and i would suggest you follow this doc always while migrating to the code:

https://supportforums.cisco.com/docs/DOC-12690

and this as well:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

If you follow this, it would have minimum downtime.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao