Originally, I just wanted to point out how you can check your license version to confirm whether or not you’ll be able to configure the “Failover” feature. Then, I realized perhaps it would be good to point out at least the differences between the “Base” license and “Security Plus” licenses. I expect there are some techs out there trying to configure or resolve something they aren’t licensed for. Naturally there are other other variations, but this is what I’ve encountered most.
The most common reason I’ve upgraded clients to the Security Plus license is to activate the “Failover” and “Dual ISP” features. The “Dual ISP” feature is only relevant to the ASA 5505. The 5510 can implement 2 outside interfaces with the “Base” license, whereas the 5505 requires the upgrade. You must upgrade the license to enable “Failover” on both models.
I’ve confirmed that these commands are the same for ASA version 8.2 and 9.1.
There are two commands we can use to determine our license version and features
Firewall# show version
“Show version” will actually show a lot more than your license type and features. It will display information about the currently loaded software along with hardware and device information.
Firewall# show activation-key
“Show activation-key” will show you just details about your currently loaded license.
Here is the licensing related output and feature differences for both ASA models between the BASE and SECURITY PLUS licenses. …..I’ve eliminated any identical features.
ASA 5505 With a BASE license:
Maximum Physical Interfaces : 8 VLANs : 3, DMZ Restricted Inside Hosts : 10 Failover : Disabled VPN Peers : 10 Dual ISPs : Disabled VLAN Trunk Ports : 0 This platform has a Base license.
ASA 5505 With a SECURITY PLUS license:
VLANs : 20, DMZ Unrestricted Inside Hosts : Unlimited Failover : Active/Standby VPN Peers : 25 WebVPN Peers : 2 Dual ISPs : Enabled VLAN Trunk Ports : 8 This platform has an ASA 5505 Security Plus license.
ASA 5510 With a SECURITY PLUS license:
Maximum Physical Interfaces : Unlimited Maximum VLANs : 100 Inside Hosts : Unlimited Failover : Active/Active Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 250 WebVPN Peers : 2 This platform has an ASA 5510 Security Plus license.
I’ll describe the license upgrade/installation process in another post.Follow thecloudphd