rkascex.blogg.se

1. #CISCO ASA SECURITY PLUS LICENSE FEATURES SOFTWARE#
2. #CISCO ASA SECURITY PLUS LICENSE FEATURES LICENSE#

This capability is useful when splitting failover or cluster members to configure them as shared VPN licensing peers instead.

#CISCO ASA SECURITY PLUS LICENSE FEATURES LICENSE#

You can use the clear configure failover or clear configure cluster command to manually remove the aggregated license and force the unit to revert to its locally activated features before the 30-day period expires. If a device loses the connection to its failover peer or a cluster for over 30 days, it falls back to its locally licensed feature set. This platform has an ASA5585-SSP-20 VPN Premium license. Intercompany Media Engine : Disabled perpetual Maximum Physical Interfaces : Unlimited perpetualĪn圜onnect Essentials : Disabled perpetualĪn圜onnect for Mobile : Disabled perpetualĪn圜onnect for Cisco VPN Phone : Disabled perpetualĪdvanced Endpoint Assessment : Disabled perpetualīotnet Traffic Filter : Disabled perpetual Example 3-8 Aggregated Cisco ASA License Information with Failover or Clustering Failover cluster licensed features for this platform: As shown in Example 3-8, this feature set supersedes the licensed feature set of the local unit as long as it continues to participate in a failover pair or a cluster. Notice that the combined count of 1000 sessions from the individual licenses exceeds the Total VPN session count of 750 for this platform this causes the downward adjustment.Īfter license aggregation, each failover peer or cluster member displays an additional section in the output of the show version and show activation-key commands to reflect the combined active feature set of the device. After aggregating these capacities, each device in this failover pair allows up to 750 sessions for this feature. Consider a failover pair of Cisco ASA 5525-X appliances where both the primary and secondary units have the active An圜onnect Premium Peers licenses for 500 sessions each. This happens even if the particular tiered counts for the same feature do not match between all participating members. For each tiered feature, the licensed capacities of the individual units combine up to the platform limit of each member.For instance, each unit of a cluster enables the IPS Module license if at least one of the members has it enabled in the local feature set. For each feature that can be either enabled or disabled, the combined failover or cluster license inherits the best setting from all of the feature sets of the participating devices.Each failover unit or cluster member computes its local feature set by combining the permanent and active time-based activation keys using the rules discussed earlier.

The system follows these steps to create a combined feature set of a failover pair or a cluster: The Encryption-3DES-AES license must be in the same state on both failover peers and all cluster members.Īfter satisfying these basic requirements, the rest of the licensed features and capacities from both failover peers and all active cluster members combine to form a single feature set that all the participating devices use concurrently.

#CISCO ASA SECURITY PLUS LICENSE FEATURES SOFTWARE#

Cisco ASA 5500-X appliances require Cisco ASA 9.1(4) software to use this feature, and it is enabled by default on all Cisco ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X models and on the Cisco ASA 5512-X with the Security Plus license. For clustering, each Cisco ASA 5580 and ASA 5585-X unit must have the Cluster feature enabled independently.These have to match because all cluster members must have the 10GE I/O feature in the same state. For clustering, all participating Cisco ASA 5585-X appliances with SSP-10 and SSP-20 must have either the Base license or the Security Plus license.For failover, Cisco ASA 5505, ASA 5510, and ASA 5512-X appliances must have the Security Plus license installed.After the changes in Cisco ASA 8.3(1) software, only the following license requirements remain for the ASA devices that participate in failover or clustering: Given that most designs used the Active/Standby failover configuration, this led to underutilization of licensed capacities.

Prior to Cisco ASA Software version 8.3(1), both units in a failover pair required identical licensed feature sets. Combined Licenses in Failover and Clustering