Cisco ASA SSL VPN Licensing FAQ
Getting the right Cisco hardware in your network can be daunting task with so many different versions and revisions. On top of that, to get the hardware working with proper license and functionality also requires one to navigate a maze of confusing choices with different bundles, rules, and restrictions.
Below are the typical questions we get asked by clients on a daily basis regarding how ASA licensing works.
Q: If we buy a new ASA (the same model) to replace our old ASA, do we need a new license? Can we transfer?
A: Typically, licenses are non-transferable. Unless the old ASA is covered by SMARTNet, and that the new replacement ASA is a RMA issued directly by Cisco. That’s the only way to keep them.
Q: What license will I need for the new replacement ASA?
A: This depends on the ASA’s topology and function in the network.
– If the ASA is to replace the main Shared Licensing Server, then it’ll need the Shared Licensing Server license which will act as the license issuing server for the participant licenses.
– If the ASA is to replace the Fail-over Server, it’ll only need a Participant License. This server will act as a back-up licensing server in case the primary server is unreachable. However, the Shared Licensing Server license is only good for ONE fail-over server.
– If the ASA is to be used as a participant, only a Participant License is required.
We hope this answers some of the confusing options that server offers in its SSL VPN licensing model in regards to Cisco’s ASA appliances. There are many scenarios not described here, so if you are interested in the Cisco Adaptive Security Appliances as an option for your netowrk and don’t know where to start, feel free to contact our excellent sales team who can get you started right away.
For more information, you can visit here.
*Note: ASA with IOS version prior to 8.3 and after 8.3 have different licensing options in regards to different active/standy configurations.