Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1924
Views
0
Helpful
1
Replies

ASA high availability question

Thomas McLean
Level 1
Level 1

‎04-13-2011 07:25 AM

All,

We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users log in via SSL VPN, now we want to add further security to our environment we are adding endpoint assessment licenses...the question I have would I need two sets of the license ASA-ADV-END-SEC ?

I learned the hardway before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units!


Could anyone confirm if I will need 2 seperate license sets to keep my firewalls in a HA pair?

Thanks in advance!

Thomas.

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-14-2011 01:47 AM

Yes, you need to purchase exactly the same license on both ASA if you are running failover, and running ASA version 8.2 and below.

However if you are running ASA version 8.3 and above, no, you do not need to purchase 2 license for ASA running in Active/Standby failover. You can just purchase 1 on the Primary firewall, and it will work when it fails over.

Here is more information on licensing on version 8.3 and above for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/license_standalone/license_management/license.html

If you decide to upgrade to version 8.3 or above, please check the memory requirement as well as all the new features (especially NAT that has completely change from version 8.3 onwards).

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents