09-22-2016 01:14 AM - edited 03-12-2019 01:18 AM
Hi,
I'm trying to enable license smart, but meet some error messages.
Then type show version display "Encryption-3DES-AES : Enabled ", is this really enabled?
And what is "* THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT *" mean?
asa(config)# license smart
INFO: License(s) corresponding to an entitlement will be activated only after an entitlement request has been authorized.
asa(config-smart-lic)# feat tier standard
The requested entitlement configuration is cached on this unit. Please un-configure the entitlement first.
asa(config-smart-lic)# feat strong
ERROR: Please acquire a valid feature tier entitlement before configuring add-on entitlements.
asa(config-smart-lic)# sh ver
Cisco Adaptive Security Appliance Software Version 9.6(2)
Device Manager Version 7.6(2)
Compiled on Tue 23-Aug-16 19:42 PDT by builders
System image file is "disk0:/fxos-lfbff-k8.9.6.1.109.SPA"
Config file at boot was "startup-config"
asa up 1 hour 5 mins
SSP Slot Number: 1
Hardware: FPR4K-SM-24, 117197 MB RAM, CPU Xeon E5 series 2194 MHz, 2 CPUs (48 cores)
Encryption hardware device : Cisco FP Crypto on-board accelerator (revision 0x1)
Boot microcode : CN35x-MC-Boot-0001
SSL/IKE microcode : CNN35x-MC-SSL-0014
IPSec microcode : CNN35x-MC-IPSEC-0005
Number of accelerators: 2
4099: Int: Internal-Data0/0 : address is 0015.a500.00bf, irq 11
4101: Int: Internal-Data0/1 : address is 0015.a500.00ff, irq 5
4102: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
License mode: Smart Licensing
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000
Botnet Traffic Filter : Enabled
Cluster : Enabled
asa# show license entitlement
No entitlements in use
***************************************************************************
* WARNING *
* *
* THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT *
* *
***************************************************************************
asa# show license features
Serial Number: FLM2011XXXX
Export Compliant: NO
License mode: Smart Licensing
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000
Botnet Traffic Filter : Enabled
Cluster : Enabled
Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000
Botnet Traffic Filter : Enabled
Cluster : Enabled
***************************************************************************
* WARNING *
* *
* THIS DEVICE IS NOT LICENSED WITH A VALID FEATURE TIER ENTITLEMENT *
* *
***************************************************************************
Solved! Go to Solution.
09-22-2016 08:21 PM
I'm not exactly sure what you're trying to add.
If your system was ordered with 3DES-AES license, it will already have feature tier standard. It does not need to be added again via smart licensing.
Your "show license features" output conforms the 3DES-AES license is active.
The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.
09-22-2016 08:21 PM
I'm not exactly sure what you're trying to add.
If your system was ordered with 3DES-AES license, it will already have feature tier standard. It does not need to be added again via smart licensing.
Your "show license features" output conforms the 3DES-AES license is active.
The only things you might add with a FirePOWER 4100 running ASA image (not FTD) would be AnyConnect and clustering.
09-25-2016 12:03 AM
The problem was resolved.
Because of the ASA clustering was configured but all interface down.
After connect a switch then ASA clustering and licensing are normal.
11-07-2018 02:59 AM
Hi Team,
I am facing the same issue but We have not configured clustering in our environment. Is it mandatory to configure for licensing ?
We have 2 ASA deployed as Logical device in ASA 4140 but they are in separate DC. We have configured normal HA fail over inside the device any specific clustering is not enabled at FTD level.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide