cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8188
Views
10
Helpful
3
Replies

ASA on FXOS chassis licensing problem

mike kao
Level 1
Level 1

Hi,

I'm trying to enable license smart, but meet some error messages.

Then type show version display "Encryption-3DES-AES               : Enabled   ", is this really enabled?

And what is "*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *" mean?

asa(config)# license smart
    INFO: License(s) corresponding to an entitlement will be activated only after an entitlement request has been authorized.

asa(config-smart-lic)# feat tier standard
    The requested entitlement configuration is cached on this unit. Please un-configure the entitlement first.

asa(config-smart-lic)# feat strong
    ERROR: Please acquire a valid feature tier entitlement before configuring add-on entitlements.

asa(config-smart-lic)# sh ver

Cisco Adaptive Security Appliance Software Version 9.6(2)
Device Manager Version 7.6(2)

Compiled on Tue 23-Aug-16 19:42 PDT by builders
System image file is "disk0:/fxos-lfbff-k8.9.6.1.109.SPA"
Config file at boot was "startup-config"

asa up 1 hour 5 mins

SSP Slot Number: 1

Hardware:   FPR4K-SM-24, 117197 MB RAM, CPU Xeon E5 series 2194 MHz, 2 CPUs (48 cores)

Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CN35x-MC-Boot-0001
                             SSL/IKE microcode     : CNN35x-MC-SSL-0014
                             IPSec microcode       : CNN35x-MC-IPSEC-0005
                             Number of accelerators: 2

4099: Int: Internal-Data0/0    : address is 0015.a500.00bf, irq 11
4101: Int: Internal-Data0/1    : address is 0015.a500.00ff, irq 5
4102: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0

License mode: Smart Licensing
              
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled     

asa# show license entitlement

No entitlements in use


***************************************************************************
*                                 WARNING                                 *
*                                                                         *
*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *
*                                                                         *
***************************************************************************

asa# show license features
Serial Number:  FLM2011XXXX
Export Compliant: NO

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled        
              

Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      
Maximum VLANs                     : 1024           
Inside Hosts                      : Unlimited      
Failover                          : Active/Active  
Encryption-DES                    : Enabled        
Encryption-3DES-AES               : Enabled        
Security Contexts                 : 10             
Carrier                           : Disabled       
AnyConnect Premium Peers          : 20000          
AnyConnect Essentials             : Disabled       
Other VPN Peers                   : 20000          
Total VPN Peers                   : 20000          
AnyConnect for Mobile             : Enabled        
AnyConnect for Cisco VPN Phone    : Enabled        
Advanced Endpoint Assessment      : Enabled        
Shared License                    : Disabled       
Total TLS Proxy Sessions          : 15000          
Botnet Traffic Filter             : Enabled        
Cluster                           : Enabled        


***************************************************************************
*                                 WARNING                                 *
*                                                                         *
*    THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT    *
*                                                                         *
***************************************************************************

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

I'm not exactly sure what you're trying to add.

If your system was ordered with 3DES-AES license, it  will already have feature tier standard. It does not need to be added again via smart licensing.

Your "show license features" output conforms the 3DES-AES license is active.

The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.

View solution in original post

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

I'm not exactly sure what you're trying to add.

If your system was ordered with 3DES-AES license, it  will already have feature tier standard. It does not need to be added again via smart licensing.

Your "show license features" output conforms the 3DES-AES license is active.

The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.

The problem was resolved.

Because of the ASA clustering was configured but all interface down.

After connect a switch then ASA clustering and licensing are normal.

Hi Team,

I am facing the same issue but We have not configured clustering in our environment. Is it mandatory to configure for licensing ?

 

We have 2 ASA deployed as Logical device in ASA 4140 but they are in separate DC. We have configured normal HA fail over inside the device any specific clustering is not enabled at FTD level. 

Review Cisco Networking for a $25 gift card