11-07-2013 06:33 AM - edited 03-11-2019 08:01 PM
I have two ASA5520s which were configured for failover. We added some AnyConnect VPN licenses and it broke the failover because we didn't add the licenses to both firewalls. Now the Primary is saying that failover is off. We plan to buy the VPN licenses for the second firewall later, but until we do that I am just wondering: if the Primary dies, would it be possible to boot up the secondary and get it to work? Any help would be greatly appreciated.
Thanks,
Lake
11-07-2013 07:00 AM
Hi,
I assume that you are running software level 8.2 or below?
If I am not totally mistaken, the AnyConnect Essentials could be shared with the Standby unit if your Failover pair were running 8.3 or above software. I am not 100% sure about this, but that is my understanding. Hopefully someone will correct me if in fact the 8.3 software units don't share the AnyConnect Essentials license.
Though upgrading from 8.2 to 8.3 or above would mean that you would have to check if your unit has enough memory to support that and also would have to consider the completely changed NAT format.
Naturally, if your main firewall breaks down you can boot up the old firewall. It should work like any other standalone firewall. I guess in that situation the only difference would be that it wouldn't have the VPN license and probably not the exact same configurations if it's now offline and they aren't in Failover syncing configurations.
- Jouni
11-07-2013 07:06 AM
That was my main question for now, whether the failover would work if the Primary fails. Thank you very much.
11-07-2013 07:45 AM
Hi,
I assume you mean the same thing as you say in the original post? I mean that the Failover pair went down and the Secondary ASA is now not in use since the Failover doesn't work, and IF the currently used unit would break you would then boot up/power up the Secondary unit to take its place.
- Jouni
 
					
				
				
			
		