08-23-2011 01:46 PM - edited 03-11-2019 02:16 PM
Hi,
If we are having 8.2 code running on the 5520 ASA in active / failover mode. Do we need duplicate licenses for failover appliances also for VPN,SSL etc?
If we have 8.3 code then what is the licensing difference.
Thanks
Subodh
Solved! Go to Solution.
08-24-2011 09:37 AM
Hi,
Yes, once you do the upgrade to 8.3, the configuration should migrate automatically. For Zero downtime upgrade on failover pairs, please refer to the following guide...
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398
Thanks!
Mike
08-23-2011 01:53 PM
with 8.2 two the two license need to be exactly matching on the two failover units .
8.3 and later , you need to have the license on the primary unit only:
In Version 8.3(1) and later, failover units do not require the same license on each unit. For earlier versions, see the licensing document for your version.
•Failover units do not require the same license on each unit.
Older versions of adaptive security appliance software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.
•For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.
for more info please visit this link :
cheers .
08-23-2011 02:14 PM
Hi Alhyari,
Thanks for immediate reply. What if we downgrade the code from 8.3 to 8.2? Do we need to purchse seperate licenses for 8.2 version.
Also what is the way to find out what were the licenses on original 8.3 code that is shipped?
Is it possible to reload the ASA with 8.3 code which is available in flash memory and then use show ver command to see the licenses?
Or the licenses are entered separately after you have booted with 8.3 code?
Thakns
Subodh
08-23-2011 03:01 PM
If you dowgrade, then yes, you will need to purchase two licenses, one from the active and one for the standby, if you are in 8.3, you only need to purchase 1.
Another thing is that if you already applied the activation key on the units, wether if you are in 8.3 or 8.4 the features will remain there as the activation key is stored on flash.
Hope this helps.
Mike
08-24-2011 07:56 AM
Hi
Thanks for help. Now if we need to go back to 8.3 code from 8.2.
After upgrade is done. (Copy 8.3 code in flash and set the boot path tot his file. Then reload the device.)
"For the first time 8.3 will convert the exisitng configuration to new syntax that 8.3 uses" is this true.
Also if already two ASA are in failover can this be done with minimum downtime.
Thanks
Subodh
08-24-2011 09:37 AM
Hi,
Yes, once you do the upgrade to 8.3, the configuration should migrate automatically. For Zero downtime upgrade on failover pairs, please refer to the following guide...
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398
Thanks!
Mike
08-24-2011 09:44 AM
Yes, I agree with Mike, but whenever you are upgrading to version 8.3 you should have some downtime and i would suggest you follow this doc always while migrating to the code:
https://supportforums.cisco.com/docs/DOC-12690
and this as well:
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
If you follow this, it would have minimum downtime.
Hope this helps.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide