KB ID 0000531 Dtd 10/11/11
Each model in the Cisco ASA 5500 range comes with a range of licences and features, to add these features you can purchase them from a Cisco reseller. You will then need to apply the licence to the device.
1. Your first step is to purchase the Licence you require from an authorised cisco reseller.
2. When your licence arrives you need to locate the PAK that is on the certificate.
3. You need the Serial number of the ASA 5500, to get this either look on the chassis of the device or issue a “show version” command.
PetesASA# show version Cisco Adaptive Security Appliance Software Version 8.0(3) Device Manager Version 6.1(3) Compiled on Tue 06-Nov-07 22:59 by builders System image file is "disk0:/asa803-k8.bin" Config file at boot was "startup-config" PetesASA up 5 days 17 hours Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz Internal ATA Compact Flash, 256MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01 IPSec microcode : Cnlite-MC-IPSECm-MAIN-2.04 0: Ext: Ethernet0/0 : address is 001d.70df.3e28, irq 9 1: Ext: Ethernet0/1 : address is 001d.70df.3e29, irq 9 2: Ext: Ethernet0/2 : address is 001d.70df.3e2a, irq 9 3: Ext: Ethernet0/3 : address is 001d.70df.3e2b, irq 9 4: Ext: Management0/0 : address is 001d.70df.3e27, irq 11 5: Int: Not used : irq 11 6: Int: Not used : irq 5 Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 100 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 250 WebVPN Peers : 25 AnyConnect for Mobile : Disabled AnyConnect for Linksys phone : Disabled Advanced Endpoint Assessment : Disabled This platform has an ASA 5510 Security Plus license. Serial Number: JMX1234ABCD Running Activation Key: 0x5c385c4d 0xf8344dbb 0xac3161c8 0xaf983c24 0x88888888 Configuration register is 0x1 Configuration has not been modified since last system restart.
4. So the one above has a serial Number of JMX1234ABCD.
6. Check the PAK details, and add more as required > Click “All Done”.
7. Enter the Serial Number of the ASA and tick “I Agree..” > Enter/Check your details > Enter the Licensee details (If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying “Processing” > When complete it should “Go Green” and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail (Thanks Microsoft, that’s not funny!)
10. When the Licence comes in, the detail that you need is the activation key, it will look like….
dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
11. You add this licence to the ASA with an “activation-key” command:
PetesASA> enable Password: *********** PetesASA# configure terminal PetesASA(config)# activation-key dd12eb50 9e16d5bb 45b2a92c 78901838 44999999 Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 100 Inside Hosts : Unlimited Failover : Active/Active VPN-DES : Enabled VPN-3DES-AES : Enabled Security Contexts : 2 GTP/GPRS : Disabled VPN Peers : 250 WebVPN Peers : 50 AnyConnect for Mobile : Disabled AnyConnect for Linksys phone : Disabled Advanced Endpoint Assessment : Disabled This platform has an ASA 5510 Security Plus license. Both running and flash activation keys were updated with the requested key. PetesASA(config)#
12. That’s the licence added.
Note: In the example above I added a licence to increase the web VPN peers from 25 to 50 (Which you can see if you compare the two pieces of code).
To add a Licence from the ASDM
1. Connect via ASDM.
2. Navigate to > Configuration > Device Management > Licensing > Activation Key > Paste in the new activation key > Update Activation Key.
Related Articles, References, Credits, or External Links