03-16-2020 07:13 AM
Hi All
quick question, I have added a new license to my ASA for more users to connect to the vpn (this has been added to the primary asa) - but the failover ASA is not showing the same activation key
am i correct in thinking once the device fails over it will show the new Activation key i added onto the primary device
Just to make you aware the devices are setup as HA
03-16-2020 07:43 AM
The secondary ASA can not show the activation-key as the key is bound to the serial-number of the primary ASA. But this is no problem as in HA, both ASAs share the licenses. Only if you want to operate the secondary ASA alone, you need to generate a new activation-key in the licensing portal based on the secondary serial-number.
03-16-2020 07:47 AM
Thank you for that, I got worried
as a test i failed over the Firewall so the HA secondary became active but it still showed a different licence key (was worried it never migrated the licnese from the PRIMARY)
03-16-2020 07:47 AM
"Starting with Version 8.3(1), you do not have to have matching licenses on both units. Typically,
you buy a license only for the primary unit; the secondary unit inherits the primary license when it
becomes active"
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-license.pdf
03-16-2020 07:50 AM
Thank you, i get that
im running asa 9.9 (2) but when i failed over the HA and ran from the Secondary (now active) the license on show Ver hadn't updated so i was a little confused
03-16-2020 08:00 AM
When the primary up and running, Secondary you do basic config, and rest all will be sync with Primary automatically.
03-16-2020 08:03 AM
correct i get that - but i was under the impression that the license would show on the Secondary once its failed-over as the active connection - which it doesnt under show ver or show activation-key
03-16-2020 08:14 AM
Hi,
It's more of a "cosmetic" bug, which i think will not be fixed, based on how the ASA licensing model started; behind the scenes though, it works as expected.
Regards,
Cristian Matei.
03-16-2020 08:23 AM
well thank you all for the confirmation :)
03-16-2020 08:24 AM
Agreed its not end of the world as long as it is operational and working as expected as business point of view.
I can understand your concern, some time cisco developpers try hard to meet the fast phase of coding, if you keen to resolve more depeth, open a Cisco TAC case (if you have smartnet contract).
03-17-2020 04:11 PM
03-18-2020 01:14 AM
hi All
just to confirm all, If im updating the license key (number of users) but have all the same features - I wont need to reload will i?
as we are getting no additional features?
03-18-2020 04:56 AM
yes as per the License concern yes it should work as expected after license applied (no reboot required).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide