Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1686
Views
0
Helpful
12
Replies

ASA AnyConnect License (HA setup)

Mr_Jones
Level 1
Level 1

‎03-16-2020 07:13 AM

Hi All 

 

quick question, I have added a new license to my ASA for more users to connect to the vpn (this has been added to the primary asa) - but the failover ASA is not showing the same activation key

 

am i correct in thinking once the device fails over it will show the new Activation key i added onto the primary device

 

Just to make you aware the devices are setup as HA

Labels:
0 Helpful
12 Replies 12

Karsten Iwen
VIP
VIP

‎03-16-2020 07:43 AM

The secondary ASA can not show the activation-key as the key is bound to the serial-number of the primary ASA. But this is no problem as in HA, both ASAs share the licenses. Only if you want to operate the secondary ASA alone, you need to generate a new activation-key in the licensing portal based on the secondary serial-number.

0 Helpful

Mr_Jones
Level 1
Level 1
In response to Karsten Iwen

‎03-16-2020 07:47 AM

Thank you for that, I got worried 

 

as a test i failed over the Firewall so the HA secondary became active but it still showed a different licence key (was worried it never migrated the licnese from the PRIMARY)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-16-2020 07:47 AM


"Starting with Version 8.3(1), you do not have to have matching licenses on both units. Typically,
you buy a license only for the primary unit; the secondary unit inherits the primary license when it
becomes active"

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-license.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mr_Jones
Level 1
Level 1
In response to balaji.bandi

‎03-16-2020 07:50 AM

Thank you, i get that

 

im running asa 9.9 (2) but when i failed over the HA and ran from the Secondary (now active) the license on show Ver hadn't updated so i was a little confused 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Mr_Jones

‎03-16-2020 08:00 AM

When the primary up and running, Secondary you do basic config, and rest all will be sync with Primary automatically.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mr_Jones
Level 1
Level 1
In response to balaji.bandi

‎03-16-2020 08:03 AM

correct i get that - but i was under the impression that the license would show on the Secondary once its failed-over as the active connection - which it doesnt under show ver or show activation-key

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Mr_Jones

‎03-16-2020 08:14 AM

Hi,

 

    It's more of a "cosmetic" bug, which i think will not be fixed, based on how the ASA licensing model started; behind the scenes though, it works as expected.

 

Regards,

Cristian Matei.

0 Helpful

Mr_Jones
Level 1
Level 1
In response to Cristian Matei

‎03-16-2020 08:23 AM

well thank you all for the confirmation :)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Mr_Jones

‎03-16-2020 08:24 AM

Agreed its not end of the world as long as it is operational and working as expected as business point of view.

 

I can understand your concern, some time cisco developpers try hard to meet the fast phase of coding, if you keen to resolve more depeth, open a Cisco TAC case (if you have smartnet contract).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mr_Jones
Level 1
Level 1
In response to Leo Laohoo

‎03-18-2020 01:14 AM

hi All

 

just to confirm all, If im updating the license key (number of users) but have all the same features - I wont need to reload will i?

as we are getting no additional features?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Mr_Jones

‎03-18-2020 04:56 AM

yes as per the License concern yes it should work as expected after license applied (no reboot required).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents