10-05-2012 09:33 AM
Hi,
I recently picked up two ASA5510s (ASA5510-SSL50-K9 & ASA5510-SEC-BUN-K) with intentions of creating an Active/Standy configuration. I'm receiving the error message "Mates' license (2 SSL VPN Peers) is not compatible with my license (50 SSL VPN Peers)", but I was under the impression that I didn't have to buy idential SSL VPN licenses post 8.2 in an Active/Standby configuration.
So the question is; am I missing a step that enables the license transfer(sharing?) feature to work correctly before the failover will build correctly?
Thank you.
10-05-2012 09:43 AM
Hi Michael,
I not an expert in ASA :-( But as far as i know you need to have the same number of VPN licences on both boxes for ASA to form fail over pairs.
Hope this helps.
Regards
Najaf
CCIE (R&S) 25070
10-05-2012 10:17 AM
Hi Najaj,
A failover pair with 8.2 requires both ASA's to have the same licenses.
Failover and Temporary Licenses
With failover, identical licenses are required. For failover purposes, temporary and permanent licenses appear to be identical, so you can have a permanent license on one unit and a temporary license on the other unit. This functionality is useful in an emergency situation; for example, if one of your units fails, and you have an extra unit, you can install the extra unit while the other one is repaired. If you do not normally use the extra unit for SSL VPN, then a VPN Flex license is a perfect solution while the other unit is being repaired.
Because the temporary license continues to count down for as long as it is activated on a failover unit, we do not recommend using a temporary license in a permanent failover installation; when the temporary license expires, failover will no longer work.
However, it is not the same case since 8.3.1 and later:
Failover Licenses (8.3(1) and Later)
In Version 8.3(1) and later, failover units do not require the same license on each unit. For earlier versions, see the licensing document for your version.
Please let me know if you have any further questions, otherwise please mark this post as answered.
Thanks.
Portu
10-05-2012 10:25 AM
Hi Portu,
Thanks a lot for your responce. Unfortunatly i'm not the one who posted this question and hence i can not mark your responce as answered:-(
Sorry for that....
Regards
Najaf
CCIE (R&S) 25070
10-05-2012 11:18 AM
Hahahaha! Sorry for that, it was my mistake, I meant Michael
Anyway, your answer was fine, so I just gave you 5 stars
Lets wait for Michael to review the post then.
Portu.
10-05-2012 12:05 PM
Is there a method of 'updating' licenses? It appears I'm running 8.2(5). These licenses (and ASAs) were purchased approximately 2 weeks ago. Do they not generally ship with the latest? Does it require a different SKU?
Thank you,
Michael
10-05-2012 04:09 PM
Hi Michael,
I would recommend to you to check with your partner reseller.
If you do not want to run into this situation, you may consider an upgrade to 8.4.
Thanks.
Portu.
Please rate any helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide