Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1476
Views
0
Helpful
2
Replies

FPR1010 Licensing to replace ASA5506

jupiter1423
Level 1
Level 1

‎07-12-2021 04:57 AM

Cisco team,

I am replacing 3 ASA5506 with new FPR1010.  This is what I have on my current 3 ASA:

 

Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 30 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 50 perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual

 

This is what I am ordering:

FPR1010-NGFW-K9

L-FPR1010-SEC-PL=

CON-SNT-FPR1010N

 

What I am I missing?  I need at least 5 Anyconnect sessions and ability to do site to site VPN to 10 remote sites?

Lastly, my configuration has evolved over the years on current 3 ASA and I am using lots of features in ASA.  Is it possible to convert the config without any issue or should I stay with ASA image?

 

Thank you,

 

 

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-12-2021 05:04 AM

@jupiter1423 

That part number will come with the Firepower image installed, this includes NGFW features such as IPS, URL filtering etc. The Firepower license does not come with any RAVPN licenses, so you will need to purchase these separately. 25 is the minimum licenses you can purchase.

 

If you want to run the ASA image on the hardware, you'd need a different part code - FPR1010-ASA-K9 (or reimage). The ASA code will not have the NGFW features that the Firepower images supports.

 

If you don't need the NGFW features then you can run the ASA software, which will result in an easier migration to the newer hardware.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎07-12-2021 06:30 AM

Lets me cover 1 by 1 here :

 

1. License tied with Device, so you need to buy a License for your Remote VPN Access and other Lciense for NGFW (FP)

2. unlike old ASA 5 RA VPN Free, there is no Longer available with new NGFW - you need to start with 25pack and move gradually.

3. If you like you can use FP with ASA code ( you need to re-image, but License need to use new one) - i prefer to Migrate to new FP, ASA will be fade soon from market, eventually you need to move to FP.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents