Loss of communication between failover units – Cisco ASA 5505 User Manual
Page 149
3-29
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 3 Managing Feature Licenses
Information About Feature Licenses
Note
In the above example, if the AnyConnect Premium licenses are time-based, you might want
to disable one of the licenses so you do not “waste” a 500 session license from which you
can only use 250 sessions because of the platform limit.
–
You have two ASA 5540s, one with 20 contexts and the other with 10 contexts; the combined
license allows 30 contexts. For Active/Active failover, one unit can use 18 contexts and the other
unit can use 12 contexts, for example, for a total of 30; the combined usage cannot exceed the
failover cluster license (in this case, 30).
•
For licenses that have a status of enabled or disabled, then the license with the enabled status is used.
•
For time-based licenses that are enabled or disabled (and do not have numerical tiers), the duration
is the combined duration of both licenses. The primary unit counts down its license first, and when
it expires, the secondary unit starts counting down its license. This rule also applies to Active/Active
failover, even though both units are actively operating.
For example, if you have 48 weeks left on the Botnet Traffic Filter license on both units, then the
combined duration is 96 weeks.
To view the combined license, see the
“Monitoring Licenses” section on page 3-38
Loss of Communication Between Failover Units
If the failover units lose communication for more than 30 days, then each unit reverts to the license
installed locally. During the 30-day grace period, the combined running license continues to be used by
both units.
If you restore communication during the 30-day grace period, then for time-based licenses, the time
elapsed is subtracted from the primary license; if the primary license becomes expired, only then does
the secondary license start to count down.
If you do not restore communication during the 30-day period, then for time-based licenses, time is
subtracted from both primary and secondary licenses, if installed. They are treated as two separate
licenses and do not benefit from the failover combined license. The time elapsed includes the 30-day
grace period.
For example:
1.
You have a 52-week Botnet Traffic Filter license installed on both units. The combined running
license allows a total duration of 104 weeks.
2.
The units operate as a failover unit for 10 weeks, leaving 94 weeks on the combined license (42
weeks on the primary, and 52 weeks on the secondary).
3.
If the units lose communication (for example the primary unit fails over to the secondary unit), the
secondary unit continues to use the combined license, and continues to count down from 94 weeks.
4.
The time-based license behavior depends on when communication is restored:
•
Within 30 days—The time elapsed is subtracted from the primary unit license. In this case,
communication is restored after 4 weeks. Therefore, 4 weeks are subtracted from the primary license
leaving 90 weeks combined (38 weeks on the primary, and 52 weeks on the secondary).
•
After 30 days—The time elapsed is subtracted from both units. In this case, communication is
restored after 6 weeks. Therefore, 6 weeks are subtracted from both the primary and secondary
licenses, leaving 84 weeks combined (36 weeks on the primary, and 46 weeks on the secondary).