Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
4
Helpful
3
Replies

SSL license upgrade for failover ASA

gregmauchamer
Level 1
Level 1

‎06-07-2010 12:53 PM

In order to upgrade the standard 2 user SSL license to 50, do I have to purchase an SSL license for both the active and failover ASA, essentially doubling my cost? I bought one license and loaded it into the active unit and obviously now it wont go into failover mode because the 2 units dont match now. If you have to purchase a license for both, that certainly makes it rediculously expensive to upgrade any license in a failover.

Thanks,

Greg M

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎06-07-2010 01:47 PM

Gregory,

As far as I know you do  need to license both ,  PAK issues  activation  key  per firewall serial number...  Im not aware of any other way around it .

You can always write licensing@cisco.com directly and see if there is a way around it.

Although it is not recommended in failover deployment there is  VPN Flex licensing , where you may use temp license in the standby  when becomes active . it sounds  tedious  to keep track of timed base licenses but it may help if money  is an object in purchasing additional 50 SSL lic for the standby . Im not ware of the cost difererces when using flex license compared with permanent lic.

Some basic details here .

http://www.cisco.com/en/US/partner/docs/security/asa/asa80/license/license80.html#wp92932

Regards

Jorge Rodriguez
0 Helpful

Todd Pula
Level 7
Level 7

‎06-07-2010 01:55 PM

Prior to the release of 8.3 code, the failover feature looked at the member ASAs to ensure that the licensing matched.  With 8.3, only one unit needs a valid license.  If one ASA has a 50 user persistent license and then other has the default of 2 users, the total that the HA pair could support is 52.  Remember that in order to upgrade to 8.3, each platform has strict memory requirements many of which will require a memory upgrade.

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/ha_overview.html#wp1092030

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/release/notes/asarn83.html#wp37821

JORGE RODRIGUEZ
Level 10
Level 10
In response to Todd Pula

‎06-07-2010 02:04 PM

Topula, indeed excellent info !  I think this is something folks were looking for  prior 8.3 .

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents