12-17-2018 10:51 AM
Hi All,
If Im applying Apex or PLUS licenses to my active ASA, is it available across the virtual contexts or for each VC do I need to apply licenses?
Also If I have a Active/standby virtual contexts across 2 ASA devices, will the APEX/PLUS licenses Inherit to the backup Context?
Appreciate your responses.
Regards
BS
12-17-2018 03:13 PM - edited 12-17-2018 03:21 PM
Hi Stanly,
As far as virtual contexts whatever is applied to the main context for licensing is shared across the sub contexts. However some licenses will need to be allocated to sub contexts such as Anyconnect. If you have a 500 user license you will need to allocate how many licenses from that pool can be used in each context.
class gold limit-resource Mac-addresses 10000 limit-resource Conns 15.0% limit-resource rate Conns 1000 limit-resource rate Inspects 500 limit-resource Hosts 9000 limit-resource ASDM 5 limit-resource SSH 5 limit-resource rate Syslogs 5000 limit-resource Xlates 36000 limit-resource Routes 5000 limit-resource VPN Other 10 limit-resource VPN Burst Other 5 limit-resource VPN AnyConnect 2
the last one specifies how many anyconnect licenses you are assigning to this class, this class "gold" would then need to be assigned to the sub context.For example if your context name was "Cisco" you would go to that context and add "member gold".
In general licenses are based of serial number so the only reason you would need a different licenses is if you had different devices.
That brings us to the second part. Your active/standby would need the same encryption license on both devices because the second device will have a different serial number you will need a separate platform license.For Anyconnect there is a way to share your license between multiple devices in your CCO license portal.If you need help distributing an Anyconnect license between devices please feel free to contact Cisco TAC. You can also refer to this guide on licensing under the "Licensing for failover" section.
Also I wanted to make you aware that if you are using failover in multi context with Anyconnect there are many unsupported features.Please take a look at this link:https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw19758/?reffering_site=dumpcr
Please let me know if this answered your question or if you had any other questions.
12-17-2018 03:27 PM - edited 12-18-2018 10:21 AM
12-17-2018 03:31 PM - edited 12-18-2018 10:20 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide