KB ID 0000531
Problem
Each model in the Cisco ASA 5500 range comes with a range of licences and features, to add these features you can purchase them from a Cisco reseller. You will then need to apply the licence to the device.
Solution
1. Your first step is to purchase the Licence you require from an authorised cisco reseller.
2. When your licence arrives you need to locate the PAK that is on the certificate.
3. You need the Serial number of the ASA 5500, to get this either look on the chassis of the device or issue a “show version” command.
[box]
PetesASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.1(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
PetesASA up 5 days 17 hours
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : Cnlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 001d.70df.3e28, irq 9
1: Ext: Ethernet0/1 : address is 001d.70df.3e29, irq 9
2: Ext: Ethernet0/2 : address is 001d.70df.3e2a, irq 9
3: Ext: Ethernet0/3 : address is 001d.70df.3e2b, irq 9
4: Ext: Management0/0 : address is 001d.70df.3e27, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 25
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1234ABCD
Running Activation Key: 0x5c385c4d 0xf8344dbb 0xac3161c8 0xaf983c24 0x88888888
Configuration register is 0x1
Configuration has not been modified since last system restart.
[/box]
4. So the one above has a serial Number of JMX1234ABCD.
5. Now you have the PAK and the serial number, you need to register them with Cisco Go there, login with a Cisco CCO account name. Enter the PAK Code > Submit.
6. Check the PAK details, and add more as required > Click “All Done”.
7. Enter the Serial Number of the ASA and tick “I Agree..” > Enter/Check your details > Enter the Licensee details (If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying “Processing” > When complete it should “Go Green” and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail (Thanks Microsoft, that’s not funny!)
10. When the Licence comes in, the detail that you need is the activation key, it will look like….
dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
11. You add this licence to the ASA with an “activation-key” command:
[box]
PetesASA> enable
Password: ***********
PetesASA# configure terminal
PetesASA(config)# activation-key dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 50
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5510 Security Plus license.
Both running and flash activation keys were updated with the requested key.
PetesASA(config)#
[/box]
12. That’s the licence added.
Note: In the example above I added a licence to increase the web VPN peers from 25 to 50 (Which you can see if you compare the two pieces of code).
To add a Licence from the ASDM
1. Connect via ASDM.
2. Navigate to > Configuration > Device Management > Licensing > Activation Key > Paste in the new activation key > Update Activation Key.
Related Articles, References, Credits, or External Links
Cisco Catalyst Switches – Adding Licenses