raffie613
asked on
ASA 5505 Licenses
I have an ASA 5505, that I keep seeing a license has exceeded the 10 allowed. I have two machines sparatically suddenly dropping their internet connection but are able to connect to everything internally. This seems like the firewall is denying their access. How can I get more licenses added to my ASA to solve this issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can search to buy it online or at the nearest Cisco Reseller/Partner in your city. Basically it is just a Key, like any Product key for Microsoft products, you just need to enter in to ASA
http://www.cdw.com/shop/products/Cisco-ASA-5505-Software-license/1672218.aspx
or
http://www.cdw.com/shop/products/Cisco-ASA-5505-Software-upgrade-license/1517590.aspx
That is from CDW.
You will get a PAK code.
Then you will go to
www.cisco.com/go/license and your PAK code. You will have to fill out a form and provide the serial number of your ASA. Once that is submitted you will get an activation license with instructions back from Cisco.
It is basically a one line command to activate the license.
or
http://www.cdw.com/shop/products/Cisco-ASA-5505-Software-upgrade-license/1517590.aspx
That is from CDW.
You will get a PAK code.
Then you will go to
www.cisco.com/go/license and your PAK code. You will have to fill out a form and provide the serial number of your ASA. Once that is submitted you will get an activation license with instructions back from Cisco.
It is basically a one line command to activate the license.
ASKER
will the order tell me what command to issue?
The order will not, but once you receive your order you will have to follow the process I mentioned above. Once you register the PAK number with Cisco they will send you your new activation license that will enable the additional users. When they send that to you it will include instructions.
ASKER
CDW said they will not let me buy it unless I use the company name credit card.
Is there someone else I can go to ? Like a whole seller?
Is there someone else I can go to ? Like a whole seller?
You can buy it from any cisco partner. You can contact your local cisco team and they can give you names of folks in your area.
Add Licences to Cisco ASA
1. You need the PAK number from the upgrade Licence (Looks Like ASA-7x-CQ-34B3b0).
2. You need the Serial number of the ASA issue a show version command i.e.
-=-=-=-=-=-=-=-=-=-=-=-=-=
CiscoASAHostname# show version
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
CiscoASAHostname up 5 days 17 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : Cnlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.70df.3e28, irq 9
1: Ext: Ethernet0/1 : address is 001d.70df.3e29, irq 9
2: Ext: Ethernet0/2 : address is 001d.70df.3e2a, irq 9
3: Ext: Ethernet0/3 : address is 001d.70df.3e2b, irq 9
4: Ext: Management0/0 : address is 001d.70df.3e27, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 25
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1234L2LC
Running Activation Key: 0x5c385c4d 0xf8344dbb 0xac3161c8 0xaf983c24 0xca28e999
Configuration register is 0x1
Configuration has not been modified since last system restart.
-=-=-=-=-=-=-=-=-=-=-=-=-=
3. So the one above has a serial Number of JMX12344L2LC
4. Go to http://www.cisco.com/web/go/license/index.html and log in with a Cisco CCO account.
5. Enter the PAK Code > Submit.
6. Check the PAK details and add more as required > Click "All Done".
7. Enter the Serial Number of the ASA and tick "I Agree.." > Enter/Check your details > Enter the Licensee details 9If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying "Processing" > When done it should "Go Green" and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail!!
10. When the Licence comes in the detail that you need is the key, it will look like....
Key:dd12eb50 9e16d5bb 45b2a92c 78901838 44a0b999
11. Log into the firewall and enter the new key,
-=-=-=-=-=-=-=-=-=-=-=-=-=
CiscoASAHostname> enable
Password: ***********
CiscoASAHostname# configure terminal
CiscoASAHostname(config)# activation-key dd12eb50 9e16d5bb 45b2a92c 78901838 44a0b999
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 50
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Both running and flash activation keys were updated with the requested key.
CiscoASAHostname(config)#
-=-=-=-=-=-=-=-=-=-=-=-=-=
jog done
Pete
1. You need the PAK number from the upgrade Licence (Looks Like ASA-7x-CQ-34B3b0).
2. You need the Serial number of the ASA issue a show version command i.e.
-=-=-=-=-=-=-=-=-=-=-=-=-=
CiscoASAHostname# show version
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
CiscoASAHostname up 5 days 17 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : Cnlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.70df.3e28, irq 9
1: Ext: Ethernet0/1 : address is 001d.70df.3e29, irq 9
2: Ext: Ethernet0/2 : address is 001d.70df.3e2a, irq 9
3: Ext: Ethernet0/3 : address is 001d.70df.3e2b, irq 9
4: Ext: Management0/0 : address is 001d.70df.3e27, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 25
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1234L2LC
Running Activation Key: 0x5c385c4d 0xf8344dbb 0xac3161c8 0xaf983c24 0xca28e999
Configuration register is 0x1
Configuration has not been modified since last system restart.
-=-=-=-=-=-=-=-=-=-=-=-=-=
3. So the one above has a serial Number of JMX12344L2LC
4. Go to http://www.cisco.com/web/go/license/index.html and log in with a Cisco CCO account.
5. Enter the PAK Code > Submit.
6. Check the PAK details and add more as required > Click "All Done".
7. Enter the Serial Number of the ASA and tick "I Agree.." > Enter/Check your details > Enter the Licensee details 9If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying "Processing" > When done it should "Go Green" and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail!!
10. When the Licence comes in the detail that you need is the key, it will look like....
Key:dd12eb50 9e16d5bb 45b2a92c 78901838 44a0b999
11. Log into the firewall and enter the new key,
-=-=-=-=-=-=-=-=-=-=-=-=-=
CiscoASAHostname> enable
Password: ***********
CiscoASAHostname# configure terminal
CiscoASAHostname(config)# activation-key dd12eb50 9e16d5bb 45b2a92c 78901838 44a0b999
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 50
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Both running and flash activation keys were updated with the requested key.
CiscoASAHostname(config)#
-=-=-=-=-=-=-=-=-=-=-=-=-=
jog done
Pete
ASKER
ok I did it. at the end it said something about this has a basic lisence. How can I verify that the license is in place?
from the command line type
show version
show version
ASKER
it says inside hosts 50. Does that mean it allows up to 50 internal users now? That is what I paid for.
Thanks.
Thanks.
Yep you got it
ASKER
Thanks.