Replacing ASA 5510 primary (failover pair)

Giuliano Gerardi · ‎07-11-2016

hello everybody hope someone can help

Recently primary asa 5510 of a failover pair Active/Standby with state sync ( verison 8.3(1) ) has failed in unrecoverable state

and we need to replace it

What I'm willing to ask is what do we need to do that, as regards hardware and licensing

Unfortunately I have no info about the failed unit but i can paste here the show activation key detail for the secondary (now active unit)

Result of the command: "show activation-key detail"

Serial Number:  JMX1421xxxx
Running Permanent Activation Key: 0xXXXd175 0xXXXXd652 0xXXXX41f0 0xXXXXf0dc 0xXXXX0d97 

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 100            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 250            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5510 Security Plus license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 100            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 4              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 4              perpetual
Total VPN Peers                : 250            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 4              perpetual
Total UC Proxy Sessions        : 4              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5510 Security Plus license.

Running Permanent Activation Key: 0xXXXXd175 0xXXXXd652 0xXXXX41f0 0xXXXXf0dc 0xXXXX0d97 

Licensed permanent key features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 100            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 250            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

The flash permanent activation key is the SAME as the running permanent key.

Do I need a new unit with base license? what part number?

how can I be shure the license shown above is the hardcoded one or an eventually inherited from primary?

Upon adding the new unit (if with base license) can I make this secondary unit primary and be shure the license will not get lost?

thank you for any help that will be greatly appreciated

Marius Gunnerud · ‎07-11-2016

It doesn't really matter if you have a base license or not with your new ASA. Just make sure that it is a 5510 with the same hardware specifications as the current active ASA, and that you have the serial number for both the old and the new ASA. You might have to downgrade the ASA version to that which is installed on the currently active ASA, depending on what the new ASA is shipped with.

Go to https://tools.cisco.com/SWIFT/LicensingUI/Quickstart and download the 3DES/AES strong encryption key (which is a free download) and install it on your ASA. You can then migrate the license from the old ASA5510 to the new ASA5510 and then install that key on the ASA. If you want assistance with the license transfer you can contact cisco licensing. They are usually very helpful.

licensing@cisco.com

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts