Solved: Can ASA5555 License transfer to Cisco Firepower 2100 ASA?

Jobs2024 · ‎10-09-2024

Hi,

We are migrating Cisco ASA5555 to Cisco Firepower 2100 ASA, is it possible to transfer the license that we have on the ASA5555 to the new Cisco Firepower 2100 ASA? if it is, can you please share the Steps and Procedure on how we can do that.

Thank you

Marvin Rhoads · ‎10-10-2024

All the licenses listed as enabled there (except AnyConnect Premium) are included in the no-cost ASA base license that comes with every ASA on all platforms. So there's no need to "transfer" - just register your new ASA to your Smart License portal with a token and it will show those features as licensed. (Make to to check the box to enable export-controlled features so that the 3DES-AES licenses is enabled as well).

The AnyConnect licenses I already mentioned in my earlier reply.

View solution in original post

Marvin Rhoads · ‎10-11-2024

@Jobs2024 just check for the "Encryption-3DES-AES" to be enabled on the new device when you look at "show version".

View solution in original post

Marvin Rhoads · ‎10-10-2024

Any Firepower service module licenses on your ASA 5555-X are not applicable with ASA running on Firepower hardware.

AnyConnect / Secure client licenses are independent of the platform and can be shared across multiple devices (except for the seldom used AnyConnect perpetual licenses). For AC, you would just need to convert the current PAK-based license to Smart.

The only other optional licenses that would possibly make sense are multi context licenses. Those are not transferable.

Jobs2024 · ‎10-10-2024

Hi Marvin,

Thank you so much for the response on my question, Im just bit confused so perpetual license cannot be transferred on our new Firepower 2100 ASA?

here is our license on our ASA5555-X

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 500 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

Thank you so much for the help, really much appreciated if you can confirm. thank you

Marvin Rhoads · ‎10-10-2024

All the licenses listed as enabled there (except AnyConnect Premium) are included in the no-cost ASA base license that comes with every ASA on all platforms. So there's no need to "transfer" - just register your new ASA to your Smart License portal with a token and it will show those features as licensed. (Make to to check the box to enable export-controlled features so that the 3DES-AES licenses is enabled as well).

The AnyConnect licenses I already mentioned in my earlier reply.

Jobs2024 · ‎10-10-2024

Hi Marvin,

Thank you so much for the informative response. Regarding the export-controlled features you mentioned, is there a CLI command that I can use to check and enable it? as Im working on the device only via CLI. thank you so much

Marvin Rhoads · ‎10-11-2024

@Jobs2024 just check for the "Encryption-3DES-AES" to be enabled on the new device when you look at "show version".

Jobs2024 · ‎11-06-2024

Hi Marvin, Thank you so much for the help on this. this resolved my issue. thanks

Marvin Rhoads · ‎11-07-2024

You're welcome. Please mark my answer as the accepted solution in that case.