Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7213
Views
5
Helpful
8
Replies

ASA-AWS - Warning: ASAv platform license state is Unlicensed

christaylor
Level 1
Level 1

‎07-07-2021 02:07 AM

Hi,

 

I have launched an ASAv from this AWS Marketplace product, https://aws.amazon.com/marketplace/pp/prodview-k3dpkteh6bgzi. I have tried both the 9.14.2.13 and 9.15.1.15 versions but I am seeing the following errors on both versions:

Warning: ASAv platform license state is Unlicensed.
Message #423 : Install ASAv platform license for full functionality.
Message #424 : Failure contacting AWS server; reason code 8
Message #425 : Failure contacting AWS server; reason code 8

 

We have this working in separate AWS accounts, however, these were set up last year and so are using a 9.13.x version of the ASA software which appears to be no longer available on the AWS Marketplace. All AWS environments are set up using Terraform so I am confident that the AWS side of things is all ok.

 

The ASA side of things is quite simple, it has 3 Elastic Network Adapters attached for management, inside and outside interfaces. All use DHCP to get their IPs and the outside interface has "ip address dhcp setroute" set. The ASA is used as the NAT device for servers in the inside interface subnet.

 

While all the above is working, the performance is really bad and I believe this is down to the product being unlicensed. When running "show version" I see...

License mode: AWS Licensing
License state: PROBATIONARY

 

Would this cause really slow performance? If so what can be done to troubleshoot failing to contact the AWS servers? Also, what server is it looking for and what does reason code 8 mean?

 

Any help at all would be greatly appreciated!

 

Many thanks,

Chris

4 people had this problem
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎07-07-2021 02:52 AM

what kind of deployment you have in AWS :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asav/quick-start/asav-quick/asav-aws.html#12188

 

can you post below :

 

# show vm

# show License status (remove your serial or any confidential data)

#show verion

 

Note : as per the Licens show AWAS Licensing, so this tied with AWS provider License.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

christaylor
Level 1
Level 1
In response to balaji.bandi

‎07-07-2021 03:02 AM

Here are the output of the commands. "show license status" wasn't valid so I've given the output of "show license features"

 

show vm:

Virtual Platform Resource Status
--------------------------------
Number of vCPUs : 2
Processor Memory : 4096 MB
Hypervisor : KVMAWS
Region : us-east-1a
Instance Type : c5.large

Virtual Platform Resource Limits
--------------------------------
Connections : 100000
VLANs : 50
AnyConnect Premium Peers : 250
TLS Proxy Sessions : 500

 

show license features:
Serial Number: <REDACTED>

License mode: AWS Licensing
License state: PROBATIONARY

Licensed features for this platform:
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 2
AnyConnect Essentials : Disabled
Other VPN Peers : 250
Total VPN Peers : 250
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
Advanced Endpoint Assessment : Disabled
Shared License : Disabled
Total TLS Proxy Sessions : 2
Botnet Traffic Filter : Enabled
Cluster : Disabled

 

show version:
Cisco Adaptive Security Appliance Software Version 9.14(2)13
SSP Operating System Version 2.8(1.144)
Device Manager Version 7.14(1)

Compiled on Fri 05-Mar-21 04:04 GMT by builders
System image file is "boot:/asa9142-13-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 hours 33 mins

Hardware: ASAv, 4096 MB RAM, CPU Xeon 4100/6100/8100 series 3000 MHz, 1 CPU (2 cores)
Internal ATA Compact Flash, 11264MB
Slot 1: ATA Compact Flash, 11264MB
BIOS Flash Firmware Hub @ 0x1, 0KB


0: Ext: Management0/0 : address is 1206.9cd8.a469, irq 0
1: Ext: TenGigabitEthernet0/0: address is 121b.b0b9.3237, irq 0
2: Ext: TenGigabitEthernet0/1: address is 1290.2242.7497, irq 0
3: Int: Internal-Data0/0 : address is 0000.0100.0001, irq 0

License mode: AWS Licensing
License state: PROBATIONARY

Licensed features for this platform:
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 2
AnyConnect Essentials : Disabled
Other VPN Peers : 250
Total VPN Peers : 250
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
Advanced Endpoint Assessment : Disabled
Shared License : Disabled
Total TLS Proxy Sessions : 2
Botnet Traffic Filter : Enabled
Cluster : Disabled

Serial Number: <REDACTED>

Image type : Release
Key version : A

0 Helpful

steven.tang1
Level 1
Level 1

‎10-27-2021 11:52 PM

Is the ASAv throughput limited to 100Kbps as the license state is PROBATIONARY ?

0 Helpful

sloan
Level 1
Level 1

‎04-13-2022 07:13 AM

Has this been resolved? If so could you provide information on how it was resolved. We are facing the same issue with a device utilizing AWS Licensing.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sloan

‎04-13-2022 10:32 AM

@sloan if you use BYOL make sure your management interface has Internet access and that you enter the token from your software.cisco.com Smart license portal.

If you use Amazon licensing they should provision this for you.

sloan
Level 1
Level 1
In response to Marvin Rhoads

‎04-13-2022 10:36 AM

This is using Amazon licensing and the license has been provisioned however the ASAv is showing the following error and license status.

Syslog Message:

Failed to contact AWS license server, error code 8

 

License Status:

License mode: AWS Licensing
License state: PROBATIONARY

 

I have tried a reload but it didn't change anything. I check on the AWS side and the license is showing as listed to this instance id.

 

Thank you for the response. If you have any additional ideas would love the help.

 

Regards

 

 

 

 

0 Helpful

sloan
Level 1
Level 1

‎04-13-2022 01:44 PM

I was able to resolve this by completing a full stop of the instance and starting it back up. Upon reboot the license was installed once again and working as expected. For those that are using this model this may render helpful in the future if you encounter the same issue.

0 Helpful

christaylor
Level 1
Level 1

‎07-10-2024 06:27 AM

We managed to find out the cause for this issue. The ASAv requires IMDSv1 to get the license information, so if you have IMDSv2 set to required on the EC2 instance then the ASAv is unable to get the license information and it remains I a probationary state until the trial is over.

As soon as we set IMDSv2 to optional the ASAv was able to get the license information and changed to a licensed state.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card