Cisco ASA: “Wrong Serial Number?”

KB ID 0001530

Problem

Cisco have done this for a while; the first time I saw it was years ago on a 5585, but all the NGFW models now have a ‘Serial Number’ and a ‘Chassis Serial Number’. Normally you don’t care unless you need to log a TAC call online. So you issue a show version command, take a note of the serial number, and then it says there’s no record of that serial number?

Solution

Just to be clear

SmartNets are registered to the Chassis Serial Number; this is NOT the serial number shown with a ‘show version’ command.

Software (e.g. AnyConnect) is licensed to the Serial Number that IS shown with a ‘show version’ command.

As a general rule, Cisco ASA chassis serial numbers start with JMX, and the serial numbers start with JAD.

How to Locate the Cisco ASA ‘Chassis Serial Number’

Well, it’s printed on the chassis of course, but if it’s in a rack or a thousand miles away, that’s not much help! To get it remotely you use the ‘show inventory’ command:

[box]

Petes-ASA# show inventory
Name: "Chassis", DESCR: "ASA 5516-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5516           , VID: V05     , SN: JMX1234ABCD

Name: "Storage Device 1", DESCR: "ASA 5516-X SSD"
PID: ASA5516-SSD       , VID: N/A     , SN: MSA21470XXX

Petes-ASA#

[/box]

How to Locate the Cisco ASA ‘Serial Number’

Same as with the old 5500 series firewalls (and the PIX), use a ‘show version’ command.

[box]

Petes-ASA# show version

Cisco Adaptive Security Appliance Software Version 9.8(2)24
Firepower Extensible Operating System Version 2.2(2.75)
Device Manager Version 7.8(2)151

Compiled on Thu 01-Mar-18 20:21 PST by builders
System image file is "disk0:/asa982-24-lfbff-k8.SPA"
Config file at boot was "startup-config"

Petes-ASA up 146 days 1 hour
failover cluster up 146 days 1 hour

Hardware:   ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Number of accelerators: 1

 1: Ext: GigabitEthernet1/1  : address is 00a7.42e1.6ed6, irq 255
 2: Ext: GigabitEthernet1/2  : address is 00a7.42e1.6ed7, irq 255
 3: Ext: GigabitEthernet1/3  : address is 00a7.42e1.6ed8, irq 255
 4: Ext: GigabitEthernet1/4  : address is 00a7.42e1.6ed9, irq 255
 5: Ext: GigabitEthernet1/5  : address is 00a7.42e1.6eda, irq 255
 6: Ext: GigabitEthernet1/6  : address is 00a7.42e1.6edb, irq 255
 7: Ext: GigabitEthernet1/7  : address is 00a7.42e1.6edc, irq 255
 8: Ext: GigabitEthernet1/8  : address is 00a7.42e1.6edd, irq 255
 9: Int: Internal-Data1/1    : address is 00a7.42e1.6ed5, irq 255
10: Int: Internal-Data1/2    : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3    : address is 0000.0001.0003, irq 0
13: Ext: Management1/1       : address is 00a7.42e1.6ed5, irq 0
14: Int: Internal-Data1/4    : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 300            perpetual
Total VPN Peers                   : 300            perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 1000           perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual
VPN Load Balancing                : Enabled        perpetual


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 4              perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 8              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 300            perpetual
Total VPN Peers                   : 300            perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 1000           perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Enabled        perpetual
VPN Load Balancing                : Enabled        perpetual

The Running Activation Key feature: 2000 TLS Proxy sessions exceed the limit on the platform, reduced to 1000 TLS Proxy sessions.

Serial Number: JAD1234ABCD
Running Permanent Activation Key: 0x0037exxx 0x482ffyyy 0x04718yyy 0xaad48xxx 0x49343xxx
Configuration register is 0x1
Image type                : Release
Key Version               : A
Configuration last modified by PeteLong at 13:50:02.750 GMT Tue Mar 26 2019

Petes-ASA#

[/box]
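An added example (not from the original article): a small Python parser that pulls both serials out of captured ‘show inventory’ and ‘show version’ text and labels which one to quote for TAC/SmartNet and which for licensing. The sample text is constructed from the listings above; the function names and the prefix warnings (built on the JMX/JAD rule of thumb) are assumptions.

```python
import re

# Constructed sample text, trimmed from the listings above (placeholder serials).
SHOW_INVENTORY = '''\
Name: "Chassis", DESCR: "ASA 5516-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5516           , VID: V05     , SN: JMX1234ABCD

Name: "Storage Device 1", DESCR: "ASA 5516-X SSD"
PID: ASA5516-SSD       , VID: N/A     , SN: MSA21470XXX
'''
SHOW_VERSION = '''\
Hardware:   ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Serial Number: JAD1234ABCD
Configuration register is 0x1
'''

# One inventory entry is a Name/DESCR line followed by a PID/VID/SN line.
INV_ENTRY = re.compile(
    r'Name:\s*"(?P<name>[^"]*)",\s*DESCR:\s*"[^"]*"\s*\n'
    r'PID:\s*\S*\s*,\s*VID:\s*\S*\s*,\s*SN:\s*(?P<sn>\S+)')

def chassis_serial(inventory_text):
    """SN of the entry named "Chassis": the serial SmartNet/TAC is registered to."""
    for entry in INV_ENTRY.finditer(inventory_text):
        if entry.group("name").strip().lower() == "chassis":
            return entry.group("sn")
    return None  # never fall back to another component's SN (e.g. the SSD)

def software_serial(version_text):
    """'Serial Number:' line of show version: the serial software is licensed to."""
    m = re.search(r"^Serial Number:\s*(\S+)", version_text, re.MULTILINE)
    return m.group(1) if m else None

def serial_report(inventory_text, version_text):
    """Label each serial by purpose; warn when one is missing or looks swapped."""
    chassis = chassis_serial(inventory_text)
    licence = software_serial(version_text)
    warnings = []
    if chassis is None:
        warnings.append("no Chassis entry found in show inventory output")
    elif not chassis.startswith("JMX"):  # page's rule of thumb, advisory only
        warnings.append("chassis serial does not start with JMX, check it")
    if licence is None:
        warnings.append("no Serial Number line found in show version output")
    elif not licence.startswith("JAD"):  # page's rule of thumb, advisory only
        warnings.append("show version serial does not start with JAD, check it")
    return {"tac_smartnet": chassis, "licensing": licence, "warnings": warnings}

if __name__ == "__main__":
    print(serial_report(SHOW_INVENTORY, SHOW_VERSION))
```

Feed it the saved output of both commands for each firewall to build an asset record that carries the correct serial for each purpose.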


Find out your Cisco ASA version (Operating system and ASDM)

KB ID 0000690 

Problem

With all the command changes that have come in over the past few versions, it seems when I get asked ‘How do you do xyz?’ my first question is ‘What is the OS version on your ASA?’

So next time I get a blank look, I can just point them here.

Also see: ASA 5505 Determine Your License Version

Solution

Get your ASA version and ASDM version from the ASDM.

1. Connect to the ASA via ASDM.

2. Home > Device Dashboard > Device Information.

Get your ASA version and ASDM version from Command Line.

1. Connect to the ASA via CLI.

2. Execute the following command:

[box]show ver[/box]

Note: This is the shortened version of ‘show version’.

To download new ASA software go here (Note: a valid Cisco Warranty/SmartNet and a CCO account are required to download software).

Related Articles, References, Credits, or External Links

Connecting to and Managing Cisco Firewalls

Cisco ASA5500 Update System and ASDM (From ASDM)

Cisco ASA5500 Update System and ASDM (From CLI)