Solved: Re: Remove Actviation Key for ASA 5520

johnlloyd_13 · ‎03-15-2019

hi,

i got a pair of ASA 5520 that i want to enable HA-active/standby. since ASA 8.2 requires both units to have identical licenses, i'm unable to enable HA due to anyconnect essentials license not enabled on the primary/active unit.

is there any way to disable or remove the anyconnect essentials on the standby unit in order to have failover/HA? factory reset?

ciscoasa(config)# Mate's license (AnyConnect Essentials Disabled) is not compatible with my license (AnyConnect Essentials Enabled). Failover will be disabled.

ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(5)

Device Manager Version 6.4(5)

Compiled on Fri 20-May-11 16:00 by builders

System image file is "disk0:/asa825-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 28 days 10 hours

Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: GigabitEthernet0/0 : address is f866.f2b1.491e, irq 9

1: Ext: GigabitEthernet0/1 : address is f866.f2b1.491f, irq 9

2: Ext: GigabitEthernet0/2 : address is f866.f2b1.4920, irq 9

3: Ext: GigabitEthernet0/3 : address is f866.f2b1.4921, irq 9

4: Ext: Management0/0 : address is f866.f2b1.4922, irq 11

5: Int: Not used : irq 11

6: Int: Not used : irq 5

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 150

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

SSL VPN Peers : 2

Total VPN Peers : 750

Shared License : Disabled

AnyConnect for Mobile : Disabled

AnyConnect for Cisco VPN Phone : Disabled

AnyConnect Essentials : Enabled

Advanced Endpoint Assessment : Disabled

UC Phone Proxy Sessions : 2

Total UC Proxy Sessions : 2

Botnet Traffic Filter : Disabled

This platform has an ASA 5520 VPN Plus license.

Marvin Rhoads · ‎03-16-2019

You have the default 2 SSL VPN licenses, nothing additional:

SSL VPN Peers : 2

You cannot remove those.

View solution in original post

balaji.bandi · ‎03-15-2019

Cisco Adaptive Security Appliance Software Version 8.2(5)

Above code is too old and no support as per i know, why not take this apportunity and upgrae to latest stable. so you have good support.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

johnlloyd_13 · ‎03-15-2019

hi,

HW upgrade is not an option for now due to budget constraint and this is in a very remote location (not a priority). that's why an alternative was to temporarily enable HA while waiting for resource/budget approval.

Marvin Rhoads · ‎03-15-2019

As far as I know you cannot "remove" the activation key per se. If you do a complete factory reset it will effectively do it but your would need console access to rebuild your configuration from scratch.

If you can upgrade the software to 8.3+ you can form an HA pair without the same licensing on each unit.

The recommended version for an ASA 5520 would be 9.1(7)32: https://software.cisco.com/download/home/279916878/type/280775065/release/9.1.7%20Interim

johnlloyd_13 · ‎03-15-2019

hi marvin,

thanks for confirming my thought of doing a factory reset.

will try to do it. have a great weekend!

johnlloyd_13 · ‎03-15-2019

hi marvin,

i just did a factory reset both using 'config factory-default' and 'write erase' and 'reload' but the anyconnect essentials license is still there. any thoughts?

(config)# config factory-default
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)#
ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 29 days 12 hours

Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: GigabitEthernet0/0 : address is f866.f2b1.491e, irq 9
1: Ext: GigabitEthernet0/1 : address is f866.f2b1.491f, irq 9
2: Ext: GigabitEthernet0/2 : address is f866.f2b1.4920, irq 9
3: Ext: GigabitEthernet0/3 : address is f866.f2b1.4921, irq 9
4: Ext: Management0/0 : address is f866.f2b1.4922, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1619X123
Running Activation Key: 0x291bff73 0xa43798a6 0xb9809d80 0xfce4a060 0x4418c123
Configuration register is 0x1
Configuration last modified by enable_15 at 09:07:47.052 UTC Sat Mar 16 2019

ciscoasa(config)# wr er
Erase configuration in flash memory? [confirm]
[OK]
ciscoasa(config)# reload
System config has been modified. Save? [Y]es/[N]o:
Proceed with reload? [confirm]
ciscoasa(config)#

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Enabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled

This platform has an ASA 5520 VPN Plus license.

Marvin Rhoads · ‎03-16-2019

You have the default 2 SSL VPN licenses, nothing additional:

SSL VPN Peers : 2

You cannot remove those.