Re: Cisco ASA 5510 Needs Security Plus License Upgrade help

noleguy83 · ‎10-01-2018

All,

I have taken over supervising a network ( I am not a dedicated IT person or cisco trained)

Once of the things I was told was the firewall base license was making all interface connections 100m instead of 1000m.

I have also read that the security plus upgrade would allow 2 interfaces to run at 1000m.

Here is a paste of sh ver

Can i just but the license and put in the activation key? Or are there other steps. Also should I worry about this upgrade causing issues considering my software/patch versions?

Thanks I am a total newb...

Result of the command: "sh ver"

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 7.0(2)

Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 1 year 18 days

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: Ethernet0/0         : address is 503d.e506.295e, irq 9
1: Ext: Ethernet0/1         : address is 503d.e506.295f, irq 9
2: Ext: Ethernet0/2         : address is 503d.e506.2960, irq 9
3: Ext: Ethernet0/3         : address is 503d.e506.2961, irq 9
4: Ext: Management0/0       : address is 503d.e506.295d, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 0
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Enabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Enabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.

Serial Number: ############
Running Activation Key: 0xe011ee5d 0x4c6b338f 0x89f00d20 0xe4e82c48 0x032ec18a
Configuration register is 0x1
Configuration last modified by at 15:22:54.905 UTC Mon Sep 17 2018

balaji.bandi · ‎10-01-2018

You follow standard license upgrade procedure. but make sure you take backup apply new license in change window.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/license.html#wp1365300

8.2 is bit old, suggest to upgrade to 9.X for better feature and lot of bug fix.

but it is not straight forward upgrade from 8.2 to 9.X need to go upgrade path and lot of command syntax changed also.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Richard Burts · ‎10-01-2018

The original post asks these questions:

Can i just but the license and put in the activation key? Or are there other steps. Also should I worry about this upgrade causing issues considering my software/patch versions?

And here are my answers:

- after you purchase the license and get the activation key then yes you just input the activation key.

- as far as the license is concerned there are no other steps.

- as far as the license is concerned there is not any reason to worry about the upgrade of license causing issues because of your software version.

The ASA5510 Base license does have some limitations on performance. And the Plus license does relax some of these limitations. So it may be worth while acquiring and implementing the license. As BB points out you are running an old version of code. So it is a natural reaction for some of us to recommend going to a more recent version of code. And in the abstract I agree that running a newer version of code is better than running the version that you have. But upgrading from 8.2 to 8.3 or anything more recent is a major step. If anything I believe that the advice from BB understates the complexity of the upgrade. Based on the way that the original poster describes himself I would advise that you not undertake the upgrade (unless your company is prepared to hire a contractor to assist with the upgrade).

HTH

Rick

HTH

Rick

noleguy83 · ‎10-02-2018

Thank you all for the help.

Yes I know upgrading to new newer versions is needed. And we may do so (through a technician that we hire later)

I have found the upgrade for sale at CDW among other places. Any reason to suspect that it would not work since the firewall is no longer supported?

noleguy83 · ‎10-02-2018

Thanks,

I agree we should do that. I may look for someone to hire to do so.

Marvin Rhoads · ‎10-01-2018

The ASA 5510 is way past end of sales and is just past end of life (no TAC support etc.) on 30 September 2018.

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eol_C51-727283.html

I don't think you can even purchase the Security Plus licenses anymore.

noleguy83 · ‎10-02-2018

Thank you all for the help.

I have found the upgrade for sale at CDW among other places. Any reason to suspect that it would not work?

I know we may need to look at upgrade options but that is much further in the future.

Marvin Rhoads · ‎10-02-2018

I'd be careful buying the license for a past-end-of-sales product. You may have difficulty redeeming the PAK with Cisco. Make sure the vendor gives you some kind of assurance.

noleguy83 · ‎10-02-2018

Thanks, I will definitely do that.