05-29-2012 05:33 AM - edited 03-10-2019 05:41 AM
Hi,
Hope someone can help me.
I recently ordered an ASA5512-X without IDS and want to take advantage of the 60 day trial licence to see whether to buy 5512-X instead of 5510s in the future. I have applied for, and received, trial licences from Cisco and these have been received as 2x .LIC files. Rather confusingly, the two emails show the products are "IPS-Trial" and "IPS trial license"
Within the emails with each licence file, the instructions say to access the IPS using either IDM or the command line to upload these files. Looking through the quick-start guide (http://www.cisco.com/en/US/docs/security/asa/quick_start/ips/ips_qsg.html) it says the IPS is available using management0/0 with the IP address 192.168.1.2 but I cannot get any response from this IP address. Similarly, if I try to contact the IPS from the command line, I get the following:
ciscoasa# session ips
Opening command session with module ips.
Module ips did not respond to session request.
Am I missing something here? If I do a "sh ver", the licenced features show the IPS as disabled:
IPS Module : Disabled perpetual
So, is there a third licence with an activation tuple needed to enable this for 60 days? If so, where do I apply for this? My reseller are being less than helpful but that's a different story.
Any help gratefully appreciated!
Thanks,
Stuart
05-30-2012 02:07 PM
For the 5500-X integrated platform, there are two license that will be required to enable IPS. First, you will need the IPS feature license for the ASA. This will allow you to redirect traffic to the IPS for inspection. Second, you will need an IPS signature license to allow you to update the IPS to the latest signature package. In both cases, the serial # that you want to reference when requesting the license keys will be the one found in the "sh version" or "sh inventory" output.
Because the ASA was ordered without the IPS enabled, you will need to take one additional step in order to get the IPS online. Below is a quick overview of the steps:
Feel free to PM me the license keys if you want me to check out what you have. Alternatively, you can open up a case with TAC so we can help you out.
06-11-2012 04:43 AM
Hi,
Thanks for the assistance. Sorry for the delay in replying.
In the end, I contacted licencing, who have raised a service request with TAC (SR 622003745).
Thanks,
Stuart
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: