Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
0
Helpful
4
Replies

CISCO ASA5520 ACTIVE/STANDBY LICENSE REQUIREMENTS

Go to solution
Rob Craig
Level 1
Level 1

‎08-15-2014 08:16 PM - edited ‎03-11-2019 09:38 PM

Hi there

I am struggling to confirm the license requirements for Active/Standby failover on a pair of ASA5520

The devices are currently ruining version 8.4 (1) and have the VPN plus license as below:

 

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license

 

I can see from forums and sites that for the 5505 and 5515 you definitely require the security plus license but can not see a definite answer for the 5520. When I check one of our 5515 devices which has security plus the fail-over feature still shows active/active perpetual

 

Can anyone confirm for me what the 5520 requires?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2014 08:22 PM

The 5520 (and higher) models do not require Security Plus for failover capability. That is only required on 5505, 5510, and 5512-X.

Reference 1

Reference 2

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2014 08:22 PM

The 5520 (and higher) models do not require Security Plus for failover capability. That is only required on 5505, 5510, and 5512-X.

Reference 1

Reference 2

0 Helpful

Go to solution
Rob Craig
Level 1
Level 1
In response to Marvin Rhoads

‎08-15-2014 08:22 PM

Marvin, thats great. Thanks for the quick response and for confiming that for me. Much appreicated. 

0 Helpful

Go to solution
startx001
Level 1
Level 1
In response to Marvin Rhoads

‎10-07-2014 03:57 AM

HI ,

 

But if i have two ASA 5520 in Active/Standby and i put aditional license on active unit only .

 

L-ASA-SSL-250-500=

ASA 5500 SSL VPN 250 to 500 Premium User Upgrade License

 

The standby unit will automaticly  get licenses from active unit ? or how it goes in Active/Stanby mode ?

 

KR 

VZ

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to startx001

‎10-07-2014 04:29 AM

Starting with Version 8.3(1), failover units do not require the same license on each unit. Older versions of ASA software required that the licenses match on each unit. If you have licenses on both units, they combine into a single running failover cluster license.

The primary exception is the Security Plus license that is a prerequisite to enable failover on the low-end models.

The specific license you mention does need the 250 SSL VPN Premium user license to be present first on the unit where it is activated but that's because it is an upgrade license, not having anything to do with failover.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card