07-11-2016 06:29 AM - edited 03-12-2019 01:00 AM
hello everybody hope someone can help
Recently primary asa 5510 of a failover pair Active/Standby with state sync ( verison 8.3(1) ) has failed in unrecoverable state
and we need to replace it
What I'm willing to ask is what do we need to do that, as regards hardware and licensing
Unfortunately I have no info about the failed unit but i can paste here the show activation key detail for the secondary (now active unit)
Result of the command: "show activation-key detail" Serial Number: JMX1421xxxx Running Permanent Activation Key: 0xXXXd175 0xXXXXd652 0xXXXX41f0 0xXXXXf0dc 0xXXXX0d97 Licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 100 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual VPN-DES : Enabled perpetual VPN-3DES-AES : Enabled perpetual Security Contexts : 2 perpetual GTP/GPRS : Disabled perpetual SSL VPN Peers : 2 perpetual Total VPN Peers : 250 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual AnyConnect Essentials : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 2 perpetual Total UC Proxy Sessions : 2 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual This platform has an ASA 5510 Security Plus license. Failover cluster licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 100 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual VPN-DES : Enabled perpetual VPN-3DES-AES : Enabled perpetual Security Contexts : 4 perpetual GTP/GPRS : Disabled perpetual SSL VPN Peers : 4 perpetual Total VPN Peers : 250 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual AnyConnect Essentials : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 4 perpetual Total UC Proxy Sessions : 4 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual This platform has an ASA 5510 Security Plus license. Running Permanent Activation Key: 0xXXXXd175 0xXXXXd652 0xXXXX41f0 0xXXXXf0dc 0xXXXX0d97 Licensed permanent key features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 100 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual VPN-DES : Enabled perpetual VPN-3DES-AES : Enabled perpetual Security Contexts : 2 perpetual GTP/GPRS : Disabled perpetual SSL VPN Peers : 2 perpetual Total VPN Peers : 250 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual AnyConnect Essentials : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 2 perpetual Total UC Proxy Sessions : 2 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual The flash permanent activation key is the SAME as the running permanent key.
Do I need a new unit with base license? what part number?
how can I be shure the license shown above is the hardcoded one or an eventually inherited from primary?
Upon adding the new unit (if with base license) can I make this secondary unit primary and be shure the license will not get lost?
thank you for any help that will be greatly appreciated
07-11-2016 02:12 PM
It doesn't really matter if you have a base license or not with your new ASA. Just make sure that it is a 5510 with the same hardware specifications as the current active ASA, and that you have the serial number for both the old and the new ASA. You might have to downgrade the ASA version to that which is installed on the currently active ASA, depending on what the new ASA is shipped with.
Go to https://tools.cisco.com/SWIFT/LicensingUI/Quickstart and download the 3DES/AES strong encryption key (which is a free download) and install it on your ASA. You can then migrate the license from the old ASA5510 to the new ASA5510 and then install that key on the ASA. If you want assistance with the license transfer you can contact cisco licensing. They are usually very helpful.
licensing@cisco.com
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide