Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco ASA 5585-X Adaptive Security Appliance
  5. Information Guide

Cisco Cisco ASA 5585-X Adaptive Security Appliance Information Guide

Download
Page of 25
 
 
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 
Page 4 of 25 
Licensing 
Q.  What are the different types of licenses that exist for an ASA? 
A.  The ASA supports three basic types of licenses: 
● 
Perpetual licenses: The most common ones are 
“regular” Base licenses, as well as Feature licenses such 
as the Cisco AnyConnect
®
 10K Users Premium license (SKU: L-ASA-SSL-10K). 
● 
Subscription licenses: These are time-limited licenses for services such as the Botnet Filter (for example, 
the 1-Year Botnet Filter license for 5585-X devices, SKU: ASA5585-BOT-1YR=). 
● 
Temporary licenses: These are usually 
“regular” licenses with a time limit that is typically no more than a 
few weeks. Temporary licenses are also known as demo licenses because they are commonly used for 
product or feature evaluation. 
In addition, ASAv comes in two flavors: namely, a one-vCPU model and a four-vCPU model. It supports these 
license tiers: 
● 
Standard: Failover, UC Phone Proxy, Botnet Filter, Intercompany Media Engine and GPRS Tunneling 
Protocol/General Packet Radio Service (GTP/GPRS) Inspection (bundled features have a perpetual license 
and include no AnyConnect
®
 VPN features)  
● 
Premium: AnyConnect Premium (adds a 5-year right-to-use Premium license for AnyConnect and includes 
the Standard tier) 
All licenses are tied to the serial number of a specific device. 
Q.  What is the format of an ASA 5500-X license? 
A.  The ASA 5500-X license consists of a series of five hexadecimal strings, which need to be entered with the 
activation-key command-line interface or an ASDM license. It will ship preinstalled when ordered with the 
appliance. 
Q.  Can I move a license from one ASA to another ASA appliance? 
A.  No. A license is exclusively tied to the serial number of the ASA appliance. It cannot be transferred. 
Q.  Do I need a license for a standby appliance? 
A.  Failover units or standby appliances do not require the same license on each unit. 
Older versions of ASA software required that the licenses matched on each unit. Starting with Release 8.3(1), 
you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for 
active/standby failover, the secondary unit inherits the primary license when it becomes active. If you have 
licenses on both units, they combine into a single running failover Cluster license. 
Cluster units do not require the same license on each unit. Typically, you buy a license only for the master 
unit; slave units inherit the master license. If you have licenses on multiple units, they combine into a single 
running ASA Cluster license. (Table 1 shows the licensing requirements for cluster units.) 
Exceptions  
Security Plus license for the ASA 5505 and 5512-X: The Base license does not support failover, so failover 
cannot be deployed in these systems on a standby unit that has only the Base license. 
Both units must have the same encryption license.