08-04-2010 12:19 AM - edited 03-11-2019 11:20 AM
Dear all,
A little problem with our ASA5510 running 7.0(8) in routed mode.
Previouslt all was working without problems on the management0/0 interface, set as no management-only.
Now after a device reload the interface set itself back to "management-only" and this can't seem to be reversed.
Trying to do a "no management-only" gives:
ERROR: The port is for management-only due to license restriction.
AFAIK this is not a license restriction since this was working correct before the reload.
Can anyone give any tips on how to get this interface out of management-only?
Thank you very much.
Solved! Go to Solution.
08-04-2010 05:45 AM
Not too sure how it was working before with base license as you would need security plus license for earlier version of code. I believe with base license, version 7.2.4 is the first version that supports "no management-only" on the management interface. I would recommend that you upgrade to the latest version of 7.2.x or 8.0.5. However, if you are using the SSL VPN, please kindly be advised that from version 8.0 forward, you would only have 2 default SSL VPN license.
08-04-2010 02:51 AM
ASA was probably not running version 7.0.8 before as I believe the higher version of ASA does not have restriction on the management interface anymore. I believe what happened was after the reload, the ASA got downgraded to version 7.0.8 because "boot system" was either not configured, or it was configured with version 7.0.8, hence it got downgraded after the reload.
If you check the output of "show flash", it should provide you with what version of ASA it has in the flash, and you can upgrade the ASA accordingly, and the management interface should work.
08-04-2010 03:14 AM
Thank you halijenn,
That makes a lot of sense, unfortunately I checked and there is no version (other than 7.0.8) on the device.
asa# sh ver | in image
System image file is "disk0:/asa708-k8.bin"
asa# dir /a /r all
Directory of disk0:/*
6 -rw- 5548032 00:05:32 Jan 01 2003 asa708-k8.bin
7 -rw- 4181246 00:05:50 Jan 01 2003 securedesktop-asa-3.2.1.103-k9.pk
g
8 -rw- 398305 00:06:02 Jan 01 2003 sslclient-win-1.1.0.154.pkg
10 -rw- 6163744 00:22:34 Mar 23 2010 asdm-508.bin
Directory of disk0:/crypto_archive
No files in directory
255426560 bytes total (239050752 bytes free)
Directory of system:/*
1 ---- 0 00:00:00 Jan 01 1970 running-config
No space information available
Do you have any other clues?
Thanks again, Jan.
08-04-2010 03:18 AM
Do you have base license or security plus license before?
Can you share a copy of the show version?
08-04-2010 03:41 AM
Hi halijenn,
The ASA has never had a secplus license, just base.
Here's the show version:
asa# sh ver
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"
asa up 4 hours 4 mins
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0 : address is 0027.0df9.8b7e, irq 9
1: Ext: Ethernet0/1 : address is 0027.0df9.8b7f, irq 9
2: Ext: Ethernet0/2 : address is 0027.0df9.8b80, irq 9
3: Ext: Not licensed : irq 9
4: Ext: Management0/0 : address is 0027.0df9.8b82, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 50
This platform has a Base license.
Serial Number: JMX1413L088
Running Activation Key: 0x5539ed60 0x6cb6a745 0x48428d74 0xaa84747c 0x83263982
Configuration register is 0x1
Configuration last modified by enable_15 at 08:13:57.970 GMT/BDT Wed Aug 4 2010
asa#
Thank you, Jan.
08-04-2010 05:45 AM
Not too sure how it was working before with base license as you would need security plus license for earlier version of code. I believe with base license, version 7.2.4 is the first version that supports "no management-only" on the management interface. I would recommend that you upgrade to the latest version of 7.2.x or 8.0.5. However, if you are using the SSL VPN, please kindly be advised that from version 8.0 forward, you would only have 2 default SSL VPN license.
08-04-2010 06:33 AM
Thank you halijenn.
Although it's very odd that there isn't a version that supports this in flash. I'll see if I can get it upgraded.
I really appreciate your input on this!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: