I’ve configured many clusters using Cisco ASA gear, but this time i got a strange message bringing the cluster UP (active/passive) using a pair of 5510 (code asa842-k8.bin).
Error message:
Mate’s license (Licensed Cores ) is not compatible with my license (Licensed Cores ). Failover will be disabled.
Understanding Licensing models it´s always hard, because of the product evolution. But i was wondering even with same License (Security Plus) could be because of having different AnyConnect seats? After generate a demo license didn’t work, so my last guess was look to release notes and Bingo! Affected by CSCtj87870
After upgrade to 8.4(7) it worked!
Firewall 1
FW1#
show activation-key
Serial Number: JMXyyyyyyyy
Running Permanent Activation Key: 0x0f19ee7b 0x2cf2fb8c 0x4ce23d7c 0xb0d4587c 0x013d09beLicensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
The flash permanent activation key is the SAME as the running permanent key.
Firewall 2
FW2#
show activation-key
Serial Number: JMXxxxxxxx
Running Permanent Activation Key: 0xfe13ca68 0xd8bc8063 0x697114e4 0xccd4b0c0 0x4004cbb6Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 50 perpetual
AnyConnect Essentials : 250 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
The flash permanent activation key is the SAME as the running permanent key.
FW1/act#
show failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER Ethernet0/3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 0 of 110 maximum
failover replication http
Version: Ours 8.4(7), Mate 8.4(7)
Last Failover at: 19:24:17 GMT/BDT Jul 13 2015
This host: Primary – Active
Active time: 72212 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.4(7)) status (Up Sys)
Interface outside (185.11.166.209): Normal (Not-Monitored)
Interface inside (10.1.1.254): Normal (Not-Monitored)
slot 1: empty
Other host: Secondary – Standby Ready
Active time: 0 (sec)
slot 0: ASA5510 hw/sw rev (2.0/8.4(7)) status (Up Sys)
Interface outside (0.0.0.0): Normal (Not-Monitored)
Interface inside (0.0.0.0): Normal (Not-Monitored)
slot 1: emptyStateful Failover Logical Update Statistics
Link : FAILOVER Ethernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 10714600 0 9605 1
sys cmd 9605 0 9605 1
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 265004 0 0 0
UDP conn 9540443 0 0 0
ARP tbl 488430 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 3 0 0 0
VPN IKEv1 P2 146 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 410969 0 0 0
Route Session 0 0 0 0
User-Identity 0 0 0 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 8 9606
Xmit Q: 0 122 10979540