Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1456
Views
0
Helpful
4
Replies

ASA 5520 Failover fail - mismatch license

Go to solution
Weverton Aranha
Level 1
Level 1

‎10-13-2014 07:57 AM - edited ‎03-11-2019 09:55 PM

I have two Cisco ASA 5520 and I am not able to perform Failover because one peer have a base license and the other have a license with additional Security Contexts. I need to have a match with the Security Context and it is not a problem if I need to convert the licensed peer in a base license one.

 

Peer 1:

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150       
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled   
VPN-3DES-AES                   : Enabled   
Security Contexts              : 2         
GTP/GPRS                       : Disabled  
SSL VPN Peers                  : 2         
Total VPN Peers                : 750       
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled  
AnyConnect for Cisco VPN Phone : Disabled  
AnyConnect Essentials          : Disabled  
Advanced Endpoint Assessment   : Disabled  
UC Phone Proxy Sessions        : 2         
Total UC Proxy Sessions        : 2         
Botnet Traffic Filter          : Disabled  

 

 

Peer 2:

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150       
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled   
VPN-3DES-AES                   : Enabled   
Security Contexts              : 5         
GTP/GPRS                       : Disabled  
SSL VPN Peers                  : 2         
Total VPN Peers                : 750       
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled  
AnyConnect for Cisco VPN Phone : Disabled  
AnyConnect Essentials          : Disabled  
Advanced Endpoint Assessment   : Disabled  
UC Phone Proxy Sessions        : 2         
Total UC Proxy Sessions        : 2         
Botnet Traffic Filter          : Disabled  

 

Does enyone know how to match this security context by commands?

Regards, Weverton Aranha
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Weverton Aranha

‎10-13-2014 10:06 AM

Just send the output of "show version" to licensing@cisco.com and tell them that you need a license without the security-contexts. You should get an activation-Key back that can be entered into the ASA.

Is there no way to upgrade? That would be the better solution.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Karsten Iwen
VIP
VIP

‎10-13-2014 09:27 AM

When using an ASA version up to 8.2, the licenses have to match on both units. There are three ways to solve the problem:

  1. remove the context-license from the second unit
  2. buy a 5 context-license for the first unit
  3. Upgrade to ASA version 8.4 or 9.x. With that you are allowed to have different licenses as they are added together from both units. If youre ASAs have already 2Gigs of RAM, then that's the best way to go.
0 Helpful

Go to solution
Weverton Aranha
Level 1
Level 1
In response to Karsten Iwen

‎10-13-2014 09:30 AM

Hello Karsten,

 

How do I remove the context-license from the second unit?
 

Regards, Weverton Aranha
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Weverton Aranha

‎10-13-2014 10:06 AM

Just send the output of "show version" to licensing@cisco.com and tell them that you need a license without the security-contexts. You should get an activation-Key back that can be entered into the ASA.

Is there no way to upgrade? That would be the better solution.

0 Helpful

Go to solution
Weverton Aranha
Level 1
Level 1
In response to Karsten Iwen

‎10-13-2014 11:43 AM

Karsten,

 

Thank you. It is not an option because I have just 512MB of memory in the both devices, I need at least 2GB.

Regards, Weverton Aranha
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card