Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
4
Replies

Upgrade the ASA-5505 after the SecPlus is installed.

Kerry Kriegel
Level 1
Level 1

‎08-22-2012 10:32 AM - edited ‎03-11-2019 04:45 PM

I have several ASA-5505 units with the SecurityPlus license.  These are running older OS versions and I would like to upgrade them.  I am wondering if I will lose the SecurityPlus if I upgrade the image to 8.3

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-22-2012 10:42 AM

No. Your license and associated activation-key will be carried forward.

(It is a good practice to back up that key offline somewhere in the event of failure of the device.)

Note 8.3+ typically requires memory upgrade on older platforms. Reference.

0 Helpful

Kerry Kriegel
Level 1
Level 1
In response to Marvin Rhoads

‎08-22-2012 10:49 AM

When I purchased the SecPlus and went to Cisco's website, I was required to enter the device Serial Number to generate the activation key.

In the evant of a device failure, will that key be of any use on any another device?  I have always assumed ( yeah yeah, I know) that the key was only good on that serial numbered device.

My solution so far is to have a hot-swap spare sitting on the shelf (with SecPlus installed).

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Kerry Kriegel

‎08-22-2012 10:57 AM

My backup suggestion was for software catastrophes.

If the failure is hardware and you are issued another unit by the TAC, they will authorize you for a new license activation-key.

If your backup solution is self-coverage then, yes - you will need two licenses.

0 Helpful

Ramraj Sivagnanam Sivajanam
Level 4
Level 4
In response to Kerry Kriegel

‎08-22-2012 11:05 AM

Hi There

The activation-key is only good for that chassis alone. For this reason, when you wanted to have the new activation-key that comes with SecPlus, the Cisco website requested you to enter the chassis serial number. Otherwise, every Tom Dick and Harry who has a Cisco ASA 5505 will enjoy SecPlus features for FREE, if they were to get hold of your SecPlus activation-key :-)

Hence, your objective to have a hot-swap device on standby just in case, the unit goes down cannot be achieved unless your spare units too have its' own  SecPlus license enabled. Alternatively, you might wanna consider running your Cisco ASA 5505 in Active/Standby failover provided both the chassis has SecPlus license enabled.

Unfortunately, Cisco doesn't provide demo license for SecPlus. Otherwise, you could load that demo license in your spare chassis. I know this for a fact, as I've asked Cisco for this 1,000 times in the past.

If you were to ask me, why don't you signed up a support Maintenance Contract with a local Cisco Gold Partner. These partners will have various Cisco ASA  models with SecPlus readily available in their store, just waiting to be deployed, in the event of a P1 case logged.

Note: If you're new to Cisco ASA, I wouldn't recommend you to upgrade to 8.3 and above for now. The syntax for NATs and objects have changed so dramatically, it's rather confusing at first. Just stick to version 8.2.4 max (not even 8.2.5 ~ very buggy). However, if you're comfortable with software version 8.3 and above, then it's always good to have the latest stabile Cisco software version in your FW.

P/S: If you think this comment is useful, please do rate it nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card