07-12-2013 06:41 AM - edited 03-11-2019 07:11 PM
hi
I have 2 ASA 8.2(5) firewalls for failover.
ASA 1 for active and ASA 2 for standby.
and,
in order to get ssh AES function I upgraded ASA 1 license key.
but the failover is off since now the software between 2 firewalls is not the same.
(after that I configure some thing new on ASA 1 as well)
I want to upgrade the license key for ASA 2.
so that the failover can work again.
do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?
(in case the ASA 2 becomes active and replicates its configuration to ASA 1)
or should I configure "no failover active" on ASA 2 to avoid it to be active role?
I am new on this issue.
so please do me a favor.
Thank you very much,
Solved! Go to Solution.
07-12-2013 11:16 AM
Hi.
do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?
(in case the ASA 2 becomes active and replicates its configuration to ASA 1)
or should I configure "no failover active" on ASA 2 to avoid it to be active role?
No need to remove the configuration, just do no failover and then failover.
NOTE: Starting on 8.3.1 and higher versions you do not need to have the same licenses on both boxes, so this issue will never happen again.
Example: You upgrade the license on the primary unit... Then the new license will be shared between both units.
And the cool thing is that: If you have one license on the primary for 10 SSL users and on the secondary for 2 SSL users then they will merged as a license for 12 SSL users on the primary unit.
When failover happens the new primary will use the 12 SSL user license.
Cool stuff right
For Networking Posts check my blog at http://laguiadelnetworking.com/
Cheers,
Julio Carvajal Segura
07-12-2013 11:16 AM
Hi.
do I need to clear failover configuration on ASA 2 first then upgrade the license key on it?
(in case the ASA 2 becomes active and replicates its configuration to ASA 1)
or should I configure "no failover active" on ASA 2 to avoid it to be active role?
No need to remove the configuration, just do no failover and then failover.
NOTE: Starting on 8.3.1 and higher versions you do not need to have the same licenses on both boxes, so this issue will never happen again.
Example: You upgrade the license on the primary unit... Then the new license will be shared between both units.
And the cool thing is that: If you have one license on the primary for 10 SSL users and on the secondary for 2 SSL users then they will merged as a license for 12 SSL users on the primary unit.
When failover happens the new primary will use the 12 SSL user license.
Cool stuff right
For Networking Posts check my blog at http://laguiadelnetworking.com/
Cheers,
Julio Carvajal Segura
07-12-2013 04:42 PM
thank you so much for the answer.
I will configure it and ask again if there is another issue.
thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide