Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1021
Views
0
Helpful
3
Replies

Cisco ASA CX subscription question

Go to solution
ivanov.arseniy
Level 1
Level 1

‎07-29-2013 02:10 AM - last edited on ‎03-25-2019 05:51 PM by Community Manager

Hello again,

One fellow asked me a question about Cisco ASA CX subscription and i'm not really sure about the answer i shall give him, so I promised him to discuss this topic here at supportforums.

The thing we were talking about with him was whether you need only one subscription or two of them in a case when you have two asa cx appliances running in active/standby mode.

Can anyone provide some valuable input regarding this or a link to cisco documentation?

Thanks.

Best regards, Arseniy S. Ivanov
Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-29-2013 07:41 AM

Hi,

This seems to have the answer (at the end)

Managing High Availability
Cisco High Availability (HA) enables network-wide protection by providing fast recovery from faults that may occur in any part of the network. With Cisco High Availability, network hardware and software work together and enable rapid recovery from disruptions to ensure fault transparency to users and network applications.
Configuring high availability on ASA CX devices requires  two identical units connected to each other through a dedicated  failover link, with one active unit passing traffic while the other unit  waits in a standby state. The health of the active unit and its  interfaces is monitored to determine if specific failover conditions are  met. If those conditions are met, failover occurs and the standby unit  begins processing traffic.
The following conditions must be met in order to configure two ASA CX devices for high availability:
  • Both units must be the same model, have the same number and types of interfaces, and the same amount of RAM installed. 
  • Both  units must be operating in the same mode (routed or transparent, single  or multiple context). They must have the same major (first number) and  minor (second number) software version. 
  •  Each ASA CX must have the proper licenses.

Source:

http://www.cisco.com/en/US/docs/security/asacx/9.1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1_chapter_0100.html#task_F61A932F60754FCBA559D24DA57E8335

- Jouni

View solution in original post

0 Helpful

Go to solution
shillings
Level 4
Level 4
In response to Jouni Forss

‎07-29-2013 12:50 PM

I double checked this with Cisco quite recently and they confirmed the above is correct.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to shillings

‎07-29-2013 02:43 PM

Right - all the module-based (CX, IPS, CSC-SSM, AIP-SSM) features continue to require separate licenses per appliance.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎07-29-2013 07:41 AM

Hi,

This seems to have the answer (at the end)

Managing High Availability
Cisco High Availability (HA) enables network-wide protection by providing fast recovery from faults that may occur in any part of the network. With Cisco High Availability, network hardware and software work together and enable rapid recovery from disruptions to ensure fault transparency to users and network applications.
Configuring high availability on ASA CX devices requires  two identical units connected to each other through a dedicated  failover link, with one active unit passing traffic while the other unit  waits in a standby state. The health of the active unit and its  interfaces is monitored to determine if specific failover conditions are  met. If those conditions are met, failover occurs and the standby unit  begins processing traffic.
The following conditions must be met in order to configure two ASA CX devices for high availability:
  • Both units must be the same model, have the same number and types of interfaces, and the same amount of RAM installed. 
  • Both  units must be operating in the same mode (routed or transparent, single  or multiple context). They must have the same major (first number) and  minor (second number) software version. 
  •  Each ASA CX must have the proper licenses.

Source:

http://www.cisco.com/en/US/docs/security/asacx/9.1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1_chapter_0100.html#task_F61A932F60754FCBA559D24DA57E8335

- Jouni

0 Helpful

Go to solution
shillings
Level 4
Level 4
In response to Jouni Forss

‎07-29-2013 12:50 PM

I double checked this with Cisco quite recently and they confirmed the above is correct.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to shillings

‎07-29-2013 02:43 PM

Right - all the module-based (CX, IPS, CSC-SSM, AIP-SSM) features continue to require separate licenses per appliance.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card