10

We have some existing ASA-5555X in multiple context mode, and we are using one context per-vlan as a transparent layer2 firewall. Over time, we have been adding to this solution, and we're about to exceed our original license of 5 security contexts.

We purchased L-ASA-SC-10=, but it is unclear whether applying this activation key will require us to reboot the ASAs. I do know it will require us to break the active-standby pair.

Does applying L-ASA-SC-10= to our running ASAs require a reboot? We have version 9.0(2) if that matters.

user2578997
  • 103
  • 5

1 Answers1

10

A reload is only required when changing encryption features or downgrading a permanent license. You shouldn't have to break your failover pair either. For a failover pair running >8.3(1), you only need a context license on the primary, and the secondary will inherit. Context licenses applied to both units in a failover pair will combine.

Santino
  • 1,391
  • 9
  • 7
  • 3
    TY. I applied the license to the ASA, but L-ASA-SC-10= doesn't come with encryption. That means when I applied the licenses, the ASA told me I had to reboot; fortunately you get a warning on the ASA when you have feature mismatches between the old and new licenses. I called TAC and pointed out that we were getting ripped off for our existing 3DES-AES feature license by applying the new 10 Context license. TAC sent us a complimentary encryption license PAK so we would have the same encryption feature licensing as before the upgrade. After the new 3DES-AES license, no reboot was required. – user2578997 Jul 16 '13 at 00:59