ASA Failover 5510/5510sc

Yury Kuzminov · ‎03-07-2018

Hi community,

please help with following question.

I have a 5510 ASA in standalone mode, but going to change it to failover. I have another ASA, but with security context support, ASA 5510sc. Is this a restriction for failover connectivity? As I can see at cisco.com page for failover, "The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM." So my devices have absolutely the same hardware parameters:

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05

But license features are different (on the second one I see more security context than on the first one, more VLANs and VPN peers available as well)

Is this a restriction to build a failover, or it is just a software missmatch and theese devices can be connected in failover?

Florin Barhala · ‎03-07-2018

I would be interested to see other opinions, but here are my thoughts:
1. You need both ASAs to work on the same mode before enabling failover
2. License wise you should be restricted to the maximum license capacity of the failover active unit.

Yury Kuzminov · ‎03-07-2018

Thanks for reply. By the way, how can I change a license for ASA with security context? Should I by a new one, or it is a downgrade available with my current license?