Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7497
Views
10
Helpful
3
Replies

ASA on FXOS chassis licensing problem

Go to solution
mike kao
Level 1
Level 1

‎09-22-2016 01:14 AM - edited ‎03-12-2019 01:18 AM

Hi,

I'm trying to enable license smart, but meet some error messages.

Then type show version display "Encryption-3DES-AES               : Enabled   ", is this really enabled?

And what is "*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *" mean?

asa(config)# license smart
    INFO: License(s) corresponding to an entitlement will be activated only after an entitlement request has been authorized.

asa(config-smart-lic)# feat tier standard
    The requested entitlement configuration is cached on this unit. Please un-configure the entitlement first.

asa(config-smart-lic)# feat strong
    ERROR: Please acquire a valid feature tier entitlement before configuring add-on entitlements.

asa(config-smart-lic)# sh ver

Cisco Adaptive Security Appliance Software Version 9.6(2)
Device Manager Version 7.6(2)

Compiled on Tue 23-Aug-16 19:42 PDT by builders
System image file is "disk0:/fxos-lfbff-k8.9.6.1.109.SPA"
Config file at boot was "startup-config"

asa up 1 hour 5 mins

SSP Slot Number: 1

Hardware:   FPR4K-SM-24, 117197 MB RAM, CPU Xeon E5 series 2194 MHz, 2 CPUs (48 cores)

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CN35x-MC-Boot-0001
                             SSL/IKE microcode     : CNN35x-MC-SSL-0014
                             IPSec microcode       : CNN35x-MC-IPSEC-0005
                             Number of accelerators: 2

4099: Int: Internal-Data0/0    : address is 0015.a500.00bf, irq 11
4101: Int: Internal-Data0/1    : address is 0015.a500.00ff, irq 5
4102: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0

License mode: Smart Licensing
              
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled     

asa# show license entitlement

No entitlements in use


***************************************************************************
*                                 WARNING                                 *
*                                                                         *
*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *
*                                                                         *
***************************************************************************

asa# show license features
Serial Number:  FLM2011XXXX
Export Compliant: NO

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled        
              

Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled        


***************************************************************************
*                                 WARNING                                 *
*                                                                         *
*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *
*                                                                         *
***************************************************************************

6 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-22-2016 08:21 PM

I'm not exactly sure what you're trying to add.

If your system was ordered with 3DES-AES license, it  will already have feature tier standard. It does not need to be added again via smart licensing.

Your "show license features" output conforms the 3DES-AES license is active.

The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.

View solution in original post

3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-22-2016 08:21 PM

I'm not exactly sure what you're trying to add.

If your system was ordered with 3DES-AES license, it  will already have feature tier standard. It does not need to be added again via smart licensing.

Your "show license features" output conforms the 3DES-AES license is active.

The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.

Go to solution
mike kao
Level 1
Level 1
In response to Marvin Rhoads

‎09-25-2016 12:03 AM

The problem was resolved.

Because of the ASA clustering was configured but all interface down.

After connect a switch then ASA clustering and licensing are normal.

0 Helpful

Go to solution
puneiccnetwork
Level 1
Level 1
In response to mike kao

‎11-07-2018 02:59 AM

Hi Team,

I am facing the same issue but We have not configured clustering in our environment. Is it mandatory to configure for licensing ?

 

We have 2 ASA deployed as Logical device in ASA 4140 but they are in separate DC. We have configured normal HA fail over inside the device any specific clustering is not enabled at FTD level. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card