11-21-2012 02:21 AM - edited 02-21-2020 04:47 AM
Hi,
I have ASA505 with 3DES disabled, i heard that i can have the 3DES license without fee, so i contacted cisco more than 10 times to have the license, and every time they send me the same licence as my parmanent base key: 5321ec6e 102e534b fc21e96c 841c8ca8 ce1727aa
I don't understand the problem, here is the show activation key output:
Running Permanent Activation Key:
0x5321ec6e 0x102e534b 0xfc21e96c 0x841c8ca8 0xce1727aa
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 50 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Disabled perpetual
SSL VPN Peers : 2 perpetual
Total VPN Peers : 10 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
AnyConnect Essentials : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
The flash permanent activation key is the SAME as the running permanent key.
And the license key that cisco send me every time isexactely the same but it should activate the 3DES encryption algorithm:
Inside Hosts : 50
Failover : Disabled
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : Default
GTP/GPRS : Disabled
AnyConnect Premium Peers : Default
Other VPN Peers : Default
Advanced Endpoint Assessment : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
Shared License : Disabled
UC Phone Proxy Sessions : Default
Total UC Proxy Sessions : Default
AnyConnect Essentials : Disabled
Botnet Traffic Filter : Disabled
Intercompany Media Engine : Disabled
Platform = asa
JMX152040DW: 5321ec6e 102e534b fc21e96c 841c8ca8 ce1727aa
Can someone tell me where is the problem please?
Thank you in advance.
Solved! Go to Solution.
12-20-2012 01:11 PM
Result of the command: "show tech-support"
Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.3(2)
Compiled on Fri 30-Jul-10 20:17 by builders
System image file is "disk0:/asa832-npe-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 11 days 12 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
It has all requirements.
I'm trying to find how to update my firewall using ASDM GUI...
12-20-2012 01:26 PM
Yes, your memory is good.
To update via the GUI, Choose "Tools, Upgrade Software from Local Computer". In the dialog box that pops up pick "Image to upload" as ASA (not the default APCF) and then browse to your local copy of the new software. It will then upload the file using https to your ASA disk0, ask you if you want to make this the new boot image (choose yes) and then ask if you want to reload and upgrade now.
Remember the updated ASDM (asdm-711.bin) will give you the most functionality with the new release. You should follow the similar process to get it on the ASA, choosing instead ASDM from the "Image to Upload" drop down menu. You won't have to reload the ASA itself after you do that, only the ASDM client.
12-21-2012 11:31 AM
I update the ASA with asa911-k8.bin correctly.
But after i reloaded to install the new ASDM, i got message showig that the ASA 9.1 is not supported by ASDM 6.
After i could not connect to firewall using ASDM, i tryed the ssh:
I uploaded the asdm file asdm-711-52.bin, and when i try to make it default, i got an error:
ciscoasa# asdm image disk0:/asdm-711-52.bin
^
ERROR: % Invalid input detected at '^' marker.
The command is wrong ?
I proceeded using this article:
Here is some output:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asdm-711-52.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17790720 bytes copied in 37.990 secs (480830 bytes/sec)
ciscoasa# show disk0:
--#-- --length-- -----date/time------ path
154 15962112 May 13 2011 14:12:22 asa832-npe-k8.bin
155 2048 Apr 02 2012 20:21:40 syslog
191 0 Apr 02 2012 20:21:40 syslog/LOG-2012-04-02-202141.TXT
156 2048 Jan 01 1980 01:00:00 FSCK0000.REC
20 2048 May 13 2011 14:13:36 coredumpinfo
21 59 Dec 20 2012 23:25:36 coredumpinfo/coredump.cfg
157 14457072 May 13 2011 14:14:22 asdm-632.bin
10 2048 May 13 2011 14:15:34 log
19 2048 Aug 06 2012 15:43:38 crypto_archive
193 410212 Aug 06 2012 15:43:38 crypto_archive/crypto_arch_1.bin
158 27260928 Dec 20 2012 23:18:18 asa911-k8.bin
159 4096 Jan 01 1980 01:00:00 FSCK0001.REC
161 4096 Jan 01 1980 01:00:00 FSCK0002.REC
162 12998641 May 13 2011 14:19:40 csd_3.5.2008-k9.pkg
163 2048 May 13 2011 14:19:42 sdesktop
195 1462 May 13 2011 14:19:42 sdesktop/data.xml
164 6487517 May 13 2011 14:19:44 anyconnect-macosx-i386-2.5.2014-k9.pkg
165 6689498 May 13 2011 14:19:46 anyconnect-linux-2.5.2014-k9.pkg
166 4678691 May 13 2011 14:19:48 anyconnect-win-2.5.2014-k9.pkg
167 4096 Jan 01 1980 01:00:00 FSCK0003.REC
168 4096 Jan 01 1980 01:00:00 FSCK0004.REC
169 6144 Jan 01 1980 01:00:00 FSCK0005.REC
170 6144 Jan 01 1980 01:00:00 FSCK0006.REC
171 6144 Jan 01 1980 01:00:00 FSCK0007.REC
172 22528 Jan 01 1980 01:00:00 FSCK0008.REC
173 38912 Jan 01 1980 01:00:00 FSCK0009.REC
174 34816 Jan 01 1980 01:00:00 FSCK0010.REC
175 43008 Jan 01 1980 01:00:00 FSCK0011.REC
176 2048 Jan 01 1980 01:00:00 FSCK0012.REC
177 26624 Jan 01 1980 01:00:00 FSCK0013.REC
178 2048 Jan 01 1980 01:00:00 FSCK0014.REC
179 26624 Jan 01 1980 01:00:00 FSCK0015.REC
180 2048 Jan 01 1980 01:00:00 FSCK0016.REC
181 26624 Jan 01 1980 01:00:00 FSCK0017.REC
182 2048 Jan 01 1980 01:00:00 FSCK0018.REC
183 26624 Jan 01 1980 01:00:00 FSCK0019.REC
184 2048 Jan 01 1980 01:00:00 FSCK0020.REC
120 6791 Dec 21 2012 19:30:48 8_3_2_0_startup_cfg.sav
185 568 Dec 20 2012 23:25:36 upgrade_startup_errors_201212202225.log
186 568 Dec 21 2012 17:39:28 upgrade_startup_errors_201212211639.log
189 568 Dec 21 2012 19:30:56 upgrade_startup_errors_201212211830.log
190 17790720 Dec 21 2012 20:19:06 asdm-711-52.bin
128704512 bytes total (21164032 bytes free)
ciscoasa# asdm image disk0:/asdm-711-52.bin
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa# asdm ?
disconnect Specify ASDM session id to be disconnected after this keyword
Can you help me please ?
PS: resolved by entring the command: conf t
12-21-2012 12:10 PM
Yeeeesssssss!
The problem is solved!
Upgraded ASA version from 6.3(2) to 7.1(1) 52
Upgraded ASDM version from 8.3(2) to 9.1(1)
And result: the 3DES enabled like a charm:
Result of the command: "show version"
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(1)52
Compiled on Wed 28-Nov-12 10:38 by builders
System image file is "disk0:/asa911-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 11 mins 51 secs
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is e8b7.4836.9f54, irq 11
1: Ext: Ethernet0/0 : address is e8b7.4836.9f4c, irq 255
2: Ext: Ethernet0/1 : address is e8b7.4836.9f4d, irq 255
3: Ext: Ethernet0/2 : address is e8b7.4836.9f4e, irq 255
4: Ext: Ethernet0/3 : address is e8b7.4836.9f4f, irq 255
5: Ext: Ethernet0/4 : address is e8b7.4836.9f50, irq 255
6: Ext: Ethernet0/5 : address is e8b7.4836.9f51, irq 255
7: Ext: Ethernet0/6 : address is e8b7.4836.9f52, irq 255
8: Ext: Ethernet0/7 : address is e8b7.4836.9f53, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 50 perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JMX152040DW
Running Permanent Activation Key: 0x5321ec6e 0x102e534b 0xfc21e96c 0x841c8ca8 0xce1727aa
Configuration register is 0x1
Configuration last modified by enable_15 at 20:56:49.179 CET Fri Dec 21 2012
Last thing please, do i have to delete the old asa and asdm files from firewall ? (asa832-npe-k8.bin and
asdm-632.bin)
Thank you so much Mr Marvin Rhoads
12-21-2012 01:28 PM
You're welcome Houari. I'm glad it worked out well for you.
Yes you can delete the old ASA and ASDM binary images if eerything is working OK on the new images.
You can also delete all of those fsck____.rec files (file system check records - usually due to the box reloading after software having crashed or being shut down by hard power off).
The "upgrade_startup_errors: fiules can also be deleted once you've reviewed them for any issues reported during the upgrade process. (You can look at those plain text files from CLI with the command "more" followed by the filename.)
Thanks for the ratings.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide