Re: SSL Licensing on ASA with failover

seekeilee · ‎07-18-2006

Hello,

General question you all. Cisco licensing says that we have to purchase DOUBLE the amount of licenses we need if we want to run two ASA's in active/standby failover mode. Does that sound right to you all. Can anyone comment if they are purchasing double the amount of licenses they need when they run active/standby failover? Obviously I can't afford the downtime if the primary unit dies to rehost the key.

Thanks.

CK

grant.maynard · ‎07-19-2006

Can't find anything in writing but my instinct is yes, you do need licences on both. I know that if one had a 3DES licence and the other did not, then you would loose 3DES functions if the primary failed. In your case if the primary ASA dies, you still want the secondary to do SSL, so it must have an SSL licence.

You're not buying double the licences, just one licence for each ASA.

seekeilee · ‎07-19-2006

Thanks, your instincts are correct. I can't even run the failover setup without solving the license conflict first.

Cisco Licensing says I need to buy double the license which doesn't make sense to me. Has anyone ran into this before?

leon.mflai · ‎07-24-2006

My salesperson sold only 1 set of SSLVPN license to the customers. When we install the SSLVPN license. The failover relation broke immediately and prompt a number of warning messages.

seekeilee · ‎07-24-2006

Were you able to resolve your failover warning messages?

I finally got a response from Cisco made some sense. They said they would only rehost the license to a Cisco RMA sent box. So that means I have no choice to waste the money and buy a duplicate set of license. It sucks.