We use botnet filter on several of our ASAs in production. The time based licenses will run out soon, and I'm wondering how to renew them.
My service coordinator says that the service agreement with Cisco is renewed, but that the PAK numbers won't change. (I've tried inserting the same PAK on the license portal, but it says it's already been used).
Meanwhile, the time based license continues to count down. Does anyone know how I'm supposed to update the license?
In my head I would expect Cisco sending a new PAK for the next year. Who's wrong, my service coordinator or me? :)
Hope the below mentioned details would clarify your queries.
Time-Based License Expiration
When the current license for a feature expires, the adaptive security appliance automatically activates an installed license of the same feature if available. If there are no other time-based licenses available for the feature, then the permanent license is used.
If you have more than one additional time-based license installed for a feature, then the adaptive security appliance uses the first license it finds; which license is used is not user-configurable and depends on internal operations. If you prefer to use a different time-based license than the one the adaptive security appliance activated, then you must manually activate the license you prefer. See the "Activating or Deactivating Keys" section.
For example, you have a time-based 2500-session SSL VPN license (active), a time-based 1000-session SSL VPN license (inactive), and a permanent 500-session SSL VPN license. While the 2500-session license expires, the adaptive security appliance activates the 1000-session license. After the 1000-session license expires, the adaptive security appliance uses the 500-session permanent license.
Yea, I've already read that. I googled it before posting here
Botnet filter is only available as a time-based license, so the ASA won't be able to roll back to a permanent license after the time expires.
So I know I need to renew the time-based license, but how is the procedure for that? I'm not using any license server, and I don't think the ASA checks with Cisco if the botnet filter is renewed automatically. This leaves me with the only option of manually installing a new activation key for the time-based license before the time expires.
Yeah. But on the license portal were you able to figure out the license expiration date update for the existing license... if it is already renewed with service agreement it should be reflecting in portal... if so you can check and download the update license. If not you can check with Cisco TAC on licensing support.
Also if you have an option to get the evaluation license... you can keep that for safer side... But i believe evaluation license might starts its count from the download date.
Also you can check with the product upgrade tool to find out the information related the service contract by providing your contract number with cisco.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :