Community Member

ASA 5510 - 7.0(8) Base. no management-only -> license restriction?

Dear all,

A little problem with our ASA5510 running 7.0(8) in routed mode.

Previously all was working without problems on the management0/0 interface, set as no management-only.

Now after a device reload the interface set itself back to "management-only" and this can't seem to be reversed.

Trying to do a "no management-only" gives:

ERROR: The port is for management-only due to license restriction.

AFAIK this is not a license restriction since this was working correctly before the reload.

Can anyone give any tips on how to get this interface out of management-only?

Thank you very much.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Not too sure how it was working before with a base license, as you would need a security plus license for earlier versions of code. I believe with a base license, version 7.2.4 is the first version that supports "no management-only" on the management interface. I would recommend that you upgrade to the latest version of 7.2.x or 8.0.5. However, if you are using the SSL VPN, please kindly be advised that from version 8.0 forward, you would only have 2 default SSL VPN licenses.

6 REPLIES
Cisco Employee

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

ASA was probably not running version 7.0.8 before, as I believe the higher version of ASA does not have the restriction on the management interface anymore. I believe what happened was after the reload, the ASA got downgraded to version 7.0.8 because "boot system" was either not configured, or it was configured with version 7.0.8, hence it got downgraded after the reload.

If you check the output of "show flash", it should provide you with what version of ASA it has in the flash, and you can upgrade the ASA accordingly, and the management interface should work.

Community Member

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Thank you halijenn,

That makes a lot of sense, unfortunately I checked and there is no version (other than 7.0.8) on the device.

asa# sh ver | in image
System image file is "disk0:/asa708-k8.bin"

asa# dir /a /r all

Directory of disk0:/*
6      -rw-  5548032     00:05:32 Jan 01 2003  asa708-k8.bin
7      -rw-  4181246     00:05:50 Jan 01 2003  securedesktop-asa-3.2.1.103-k9.pkg
8      -rw-  398305      00:06:02 Jan 01 2003  sslclient-win-1.1.0.154.pkg
10     -rw-  6163744     00:22:34 Mar 23 2010  asdm-508.bin

Directory of disk0:/crypto_archive
No files in directory

255426560 bytes total (239050752 bytes free)

Directory of system:/*
1      ----  0           00:00:00 Jan 01 1970  running-config

No space information available

Do you have any other clues?

Thanks again, Jan.

Cisco Employee

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Did you have a base license or a security plus license before?

Can you share a copy of the show version?

Community Member

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Hi halijenn,

The ASA has never had a secplus license, just base.

Here's the show version:

asa# sh ver

Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)

Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"

asa up 4 hours 4 mins

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 0027.0df9.8b7e, irq 9
1: Ext: Ethernet0/1         : address is 0027.0df9.8b7f, irq 9
2: Ext: Ethernet0/2         : address is 0027.0df9.8b80, irq 9
3: Ext: Not licensed        : irq 9
4: Ext: Management0/0       : address is 0027.0df9.8b82, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs               : 10
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : 50

This platform has a Base license.

Serial Number: JMX1413L088
Running Activation Key: 0x5539ed60 0x6cb6a745 0x48428d74 0xaa84747c 0x83263982
Configuration register is 0x1
Configuration last modified by enable_15 at 08:13:57.970 GMT/BDT Wed Aug 4 2010
asa#

Thank you, Jan.

Cisco Employee

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Not too sure how it was working before with a base license, as you would need a security plus license for earlier versions of code. I believe with a base license, version 7.2.4 is the first version that supports "no management-only" on the management interface. I would recommend that you upgrade to the latest version of 7.2.x or 8.0.5. However, if you are using the SSL VPN, please kindly be advised that from version 8.0 forward, you would only have 2 default SSL VPN licenses.
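
The two checks suggested in the replies above (running version and license from "show version", and which images are present in flash), written as an added example that is not part of the original thread. The 7.2(4) threshold is the figure quoted in the reply, the function names are hypothetical, and the image-name pattern assumes the three-digit naming seen in the posted output (asa708-k8.bin).

```python
import re

# Threshold from the reply in this thread ("I believe ... 7.2.4 is the first
# version"); it is the thread's claim, not a verified Cisco statement.
FIRST_BASE_VERSION = (7, 2, 4)

VERSION_RE = re.compile(r"^Cisco Adaptive Security Appliance Software Version "
                        r"(\d+)\.(\d+)\((\d+)\)", re.M)
LICENSE_RE = re.compile(r"^This platform has an? (.+?) license\.", re.M)
# Assumption: image names encode the version as three digits (asa708-k8.bin).
IMAGE_RE = re.compile(r"\basa(\d)(\d)(\d)(?:-\d+)?-k\d\.bin\b")


def parse_show_version(text):
    """Return (version tuple, license name) from 'show version' output."""
    ver, lic = VERSION_RE.search(text), LICENSE_RE.search(text)
    if not (ver and lic):
        raise ValueError("unrecognised 'show version' output")
    return tuple(map(int, ver.groups())), lic.group(1)


def management_only_locked(version, license_name):
    """True when, per the thread, 'no management-only' should be refused."""
    return license_name.lower() == "base" and version < FIRST_BASE_VERSION


def usable_images(dir_text):
    """List images in a 'dir' / 'show flash' listing at or above the threshold."""
    found = {m.group(0): tuple(map(int, m.groups()))
             for m in IMAGE_RE.finditer(dir_text)}
    return sorted(name for name, v in found.items() if v >= FIRST_BASE_VERSION)


# Lines copied from the output posted in this thread.
SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 7.0(8)
System image file is "disk0:/asa708-k8.bin"
This platform has a Base license.
"""
DIR_LISTING = """\
6      -rw-  5548032     00:05:32 Jan 01 2003  asa708-k8.bin
10     -rw-  6163744     00:22:34 Mar 23 2010  asdm-508.bin
"""

if __name__ == "__main__":
    version, lic = parse_show_version(SHOW_VERSION)
    print("locked:", management_only_locked(version, lic))
    print("usable images in flash:", usable_images(DIR_LISTING))
```
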

Community Member

Re: ASA 5510 - 7.0(8) Base. no management-only -> license restri

Thank you halijenn.

Although it's very odd that there isn't a version that supports this in flash. I'll see if I can get it upgraded.

I really appreciate your input on this!
