Upgrading failover pairs, No payload encryption models, Licenses faq – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 3 Managing Feature Licenses

Information About Feature Licenses

Upgrading Failover Pairs

Because failover pairs do not require the same license on both units, you can apply new licenses to each
unit without any downtime. If you apply a permanent license that requires a reload (see Table 3-18 on
page 3-34), then you can fail over to the other unit while you reload. If both units require reloading, then
you can reload them separately so you have no downtime.

No Payload Encryption Models

You can purchase some models with No Payload Encryption. For export to some countries, payload
encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses a No Payload
Encryption model, and disables the following features:

Unified Communications

VPN

You can still install the Strong Encryption (3DES/AES) license for use with management connections.
For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You can also download the
dynamic database for the Botnet Traffic Filter (which uses SSL).

When you view the license (see the “Monitoring Licenses” section on page 3-38), VPN and Unified
Communications licenses will not be listed.

Licenses FAQ

Q. Can I activate multiple time-based licenses, for example, AnyConnect Premium and Botnet Traffic
Filter?

A. Yes. You can use one time-based license per feature at a time.

Q. Can I “stack” time-based licenses so that when the time limit runs out, it will automatically use the
next license?

A. Yes. For identical licenses, the time limit is combined when you install multiple time-based licenses.
For non-identical licenses (for example, a 1000-session AnyConnect Premium license and a
2500-session license), the ASA automatically activates the next time-based license it finds for the
feature.

Q. Can I install a new permanent license while maintaining an active time-based license?

A. Yes. Activating a permanent license does not affect time-based licenses.

Q. For failover, can I use a shared licensing server as the primary unit, and the shared licensing backup
server as the secondary unit?

A. No. The secondary unit has the same running license as the primary unit; in the case of the shared
licensing server, they require a server license. The backup server requires a participant license. The
backup server can be in a separate failover pair of two backup servers.

Q. Do I need to buy the same licenses for the secondary unit in a failover pair?
