RE: ASA 5510 License Requirement for Security Lab

From: Christopher M. Heffner (cheffner@certified-labs.com)
Date: Tue Feb 06 2007 - 14:12:42 ART

• Next message: Mohammad Saeed: "Question about Network Not advertised or Redistributed"
• Previous message: BitGossip: "area 77 nssa no-redistribution no-summary"
• Maybe in reply to: Zahid Hassan: "ASA 5510 License Requirement for Security Lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This actual requirement (listed in the original email below) is
discussing the PIX 500 series for the 515/525/535 firewalls.
Unfortunately, Cisco did not make that clear in the original 7.0
documentation that you referenced in your email reply.

If you take a look at the 7.2 documentation, you will see that Cisco
updated that information to make it clearer.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/co
nf_gd/general/failover.htm#wp1053685

As for the ASA5510 appliances, they will only support Failover with
Security Plus licenses.

Starting with the 7.2 code version the ASA-5510 will support multiple
contexts and active/active failover. Also increased the numbers of
vlans supported in 7.2 with the base and security plus licenses.

Prior to 7.2 code the ASA-5510 only support Active/Standby failover and
no multiple contexts with the security plus license.

There is no failover or multi-context support with the base license on
any existing version of code for the ASA-5510 units.

HTH.

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
 
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kamal N Malhotra
Sent: Saturday, February 03, 2007 4:02 PM
To: 'Zahid Hassan'; 'Security GroupStudy'; 'R&S CCIE GroupStudy'
Subject: RE: ASA 5510 License Requirement for Security Lab

Hi Zahid,

No. You need not have security plus on both for failover to work.
Whoever says that you need it, is wrong. In order to have failover work,
you need security plus on atleast one box, the other might have
"failover only"
license. But if you want Active/Active failover to work, then you need
security plus on both.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/con
fig/failover.htm#wp1047269

HTH,

Thanks and warm regards,
 
 
Kamal N Malhotra
TAC Engineer - VPN
Cisco Systems Inc.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Zahid Hassan
Sent: Saturday, February 03, 2007 2:06 PM
To: Security GroupStudy; R&S CCIE GroupStudy
Subject: ASA 5510 License Requirement for Security Lab

Dear All,

Can anyone please clarify if its really necessary to have two ASA 5510
with Security Plus license.

Will failover configuration work if one is with Security Plus and the
other with Base license ?

Thanks in advance for any input on this.

Regards,

Zahid
CCIE #14103 (R&S/SP)

• Next message: Mohammad Saeed: "Question about Network Not advertised or Redistributed"
• Previous message: BitGossip: "area 77 nssa no-redistribution no-summary"
• Maybe in reply to: Zahid Hassan: "ASA 5510 License Requirement for Security Lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART