06-14-2016 02:16 PM - edited 03-12-2019 12:53 AM
It is my understanding that duplicate feature licenses are not necessary when using cluster licenses on ASA 5585-x (per http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_cluster.pdf - "Licensing Requirements for ASA Clustering").
What about when using the default 2-cluster licenses with ASA 5555-X? I understand both will require the same encryption licenses but our vendor says duplicate feature licenses (IDS/AMP/URL) are still required but keeps pointing to old failover documentation. Anyone find any definitive documentation on this?
Solved! Go to Solution.
06-15-2016 12:34 AM
You need on both ASAs:
All other ASA-licenses are shared in the cluster.
IPS/AMP/URL are not licenses that are applied to the ASA, they are applied to Firepower. And the Firepower modules don't share any information or state. The Management center sees two independent modules in your cluster and you need licenses for both modules to activate them.
06-14-2016 06:16 PM
I'm not sure the answer is so clear cut.
Exactly which feature licences are you meaning?
06-15-2016 07:19 AM
Thank you for your replies. We are planning on doing IPS and URL. This is the specific language in the aforementioned cluster configuration document that I am referencing: "A Cluster license is required on each unit. For other feature licenses, cluster units do not require the same license on each unit. If you have feature licenses on multiple units, they combine into a single running ASA cluster license." This language references 5585-X. No guidance on feature licenses for other models is specified. Does the lack of guidance mean licensing works the same way as it did for failover? Seems like a big assumption especially given the cost.
06-15-2016 12:34 AM
You need on both ASAs:
All other ASA-licenses are shared in the cluster.
IPS/AMP/URL are not licenses that are applied to the ASA, they are applied to Firepower. And the Firepower modules don't share any information or state. The Management center sees two independent modules in your cluster and you need licenses for both modules to activate them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide