New ASA License not working ?

Answered Question
Aug 10th, 2011

Hello,

I have a ASA5550 setup with two boxes in HA

I have purchased AnyConnect Essentials for 5000 users for both boxes.

The box runs 8.4.2

I tried on one box to enter new activation key and rebooted the box.

Still the output of show version is the same !?

SSL VPN Peers                  : 2

Total VPN Peers                : 5000

Shared License                 : Disabled

AnyConnect for Mobile          : Disabled

AnyConnect for Cisco VPN Phone : Disabled

AnyConnect Essentials          : Disabled

Advanced Endpoint Assessment   : Disabled

If I re-enter the key it says same as running key ...

I then tried downgrade to 8.2.5, same same show version output ...

Did I miss something ? and if so what did I miss ?

regards

I have this problem too.
0 votes
Correct Answer by Jennifer Halim about 2 years 8 months ago

Great findings... afterall it's user error

This certainly happens from time to time, great that you are able to find the issue.

Pls mark this post as answered as I am sure others who hit the same issue will be thankful for your answer.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Jennifer Halim Sat, 08/13/2011 - 03:06

Once you have entered the activation key, please also configure the following for anyconnect essential license to take effect:

webvpn

   anyconnect-essentials

Hope this helps.

mbilgrav Mon, 08/15/2011 - 03:54

This you can only do when the ASA has the license shown as enabled.

My did this:

1. order AC-ess license

2. Activated PAK code with Serialnumber and got email with new Act-key.

3. Type in new key and rebooted.

The AC-ess still shows as disabled ...

This is true for both 825 and 842 ASA code.

(config-webvpn)# anyconnect-essentials

ERROR: Command requires AnyConnect Essentials license

Show ver:

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 400            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

VPN-DES                           : Enabled        perpetual

VPN-3DES-AES                      : Enabled        perpetual

Security Contexts                 : 2              perpetual

GTP/GPRS                          : Disabled       perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 5000           perpetual

Total VPN Peers                   : 5000           perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

Jennifer Halim Mon, 08/15/2011 - 05:15

Thanks for the clarification.

I am assuming that after you enter the activation code, you save the config "wr mem" before reloading the ASA?

If you have saved the config prior to reload and it's still not activated, then I would request for the activation key to be rehost by licensing@cisco.com

Email licensing@cisco.com, and give them the current status of "show version" from both ASAs which would include the serial# of the ASA, and also the PAK code, and request for activation key to be rehost as the one issued does not work.

mbilgrav Mon, 08/15/2011 - 05:42

yes - i did save runningconfig

I also tried typeing in the new key again, and it says same as running key, so the key itselfs are ok, but the license is not ...

I call TAC today, since I have had a SR open for 5 days and nothing has happend ...

They said I will get a return call inwith one hour ...(!)

I hope so ...

mbilgrav Mon, 08/15/2011 - 07:27

LOL

I need to read the fine-print ....

This is a snip from my license e-mail:

------------------------------------------

THE FOLLOWING ACTIVATION KEY IS VALID FOR:

ASA SOFTWARE RELEASE 8.2+ ONLY.

Platform = asa

*SERIAL*:    11111 22222 33333 44444 555591

------------------------------------------

THE FOLLOWING ACTIVATION KEY IS VALID FOR:

ALL ASA SOFTWARE RELEASES, BUT EXCLUDES ANY 8.2+ FEATURES FOR BACKWARDS COMPATIBILITY.

Platform = asa

*SERIAL*:    11111 22222 33333 44444 5555be

Installing Your Cisco Adaptive Security Appliance Activation Key

Step 1.  From the command line interface (CLI), enter configuration mode using the "conf t" command.

Step 2.  Type the "activation-key" command, and then, when prompted, enter the new activation key listed above.

Note:  For some new license settings to take effect a system reboot may be required.Software License Agreement

PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE.

So now you get TWO different keys, and depending upon version and the feature, you will have to choose one.

I choose wrongly ... aperantly AC Ess. is a 8.2+ feature ...

hence you need the FIRST key in the email - NOT the second one ...

So now you know ...

Correct Answer
Jennifer Halim Mon, 08/15/2011 - 17:05

Great findings... afterall it's user error

This certainly happens from time to time, great that you are able to find the issue.

Pls mark this post as answered as I am sure others who hit the same issue will be thankful for your answer.

Actions

Login or Register to take actions

This Discussion

Posted August 10, 2011 at 6:01 AM
Stats:
Replies:6 Avg. Rating:5
Views:1821 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard