cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3003
Views
0
Helpful
5
Replies
ComstorFR
Beginner

ASA Context licenses in cluster mode

Hi,

With 2 ASA firewall in Cluster mode, Can the context licenses be shared between the two appliances ?

Regards

1 ACCEPTED SOLUTION

Accepted Solutions

Hi,

I would then suggest you to go through these docs below in the License requirement section:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml   ------> Active/Active

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#Sow  -------> Active/Standby failover

May be this should answer your questions.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

5 REPLIES 5
varrao
Advocate

Hi,

No, licenses aer generated on the basis of per device, so licenses cannot be shared between two appliances. Could yu explain your requirement in a bit more detail, are you configuring the firewalls in HA/failover??

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun

Tx for your answer,

I want to install it in HA/Failover (ASA5550-BUN-K9)

Hi,

I would then suggest you to go through these docs below in the License requirement section:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml   ------> Active/Active

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#Sow  -------> Active/Standby failover

May be this should answer your questions.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

HI Varun,

Thanks you for your reply, but what do you think by this :

Failover License Requirements

Failover units do not require the same license on each unit.

Older versions of adaptive security appliance software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.

For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.

Do you think that the security contexts license are not affected by this rule?

Am I obliged to buy licenses (Security contexts) for eah appliance ?

Regards

Hi,

Yes, the document provided to you were for only pre 8.3 versions. From 8.3 or later these license requirements for the HA on ASA have changed drastically. Previously where in you needed to have the same featured license on both the firewall, this is not the case post 8.3. You can have different license on the two devices, that would alsdo work. But be informed that shared license is not supported in Active/Active failover. Follow the below doc, for complete insight into license for ASA 8.3:

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html#wp1455081

Thanks,

Varun

Thanks,
Varun Rao
Content for Community-Ad