Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2499
Views
10
Helpful
7
Replies

cisco ASA 5525 Lic issue IPSEC

Go to solution
yogesh1
Level 1
Level 1

‎05-01-2019 12:21 AM

Hi ALL,

 

I have cisco 5525 in my network environment & basically there is only IPSEC site to site tunnel is configured.

So please let me know how i can i check lic expiry for this IPSEC service on ASA.

Also i am new to ASA so don't know either there is any specific lic is required for this service or not ?

 

PANASONIC-CPT-ASA1#
PANASONIC-CPT-ASA1#
PANASONIC-CPT-ASA1# sh ver
PANASONIC-CPT-ASA1# sh version

Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)

Compiled on Sun 27-Aug-17 13:13 PDT by builders
System image file is "disk0:/asa982-smp-k8.bin"
Config file at boot was "startup-config"

PANASONIC-CPT-ASA1 up 38 days 15 hours

Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
ASA: 4191 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4


0: Int: Internal-Data0/0 : address is 780c.f0ad.dc2d, irq 11
1: Ext: GigabitEthernet0/0 : address is 780c.f0ad.dc32, irq 5
2: Ext: GigabitEthernet0/1 : address is 780c.f0ad.dc2e, irq 5
3: Ext: GigabitEthernet0/2 : address is 780c.f0ad.dc33, irq 10
4: Ext: GigabitEthernet0/3 : address is 780c.f0ad.dc2f, irq 10
5: Ext: GigabitEthernet0/4 : address is 780c.f0ad.dc34, irq 5
6: Ext: GigabitEthernet0/5 : address is 780c.f0ad.dc30, irq 5
7: Ext: GigabitEthernet0/6 : address is 780c.f0ad.dc35, irq 10
8: Ext: GigabitEthernet0/7 : address is 780c.f0ad.dc31, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is 780c.f0ad.dc2d, irq 0
13: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual

This platform has an ASA5525 VPN Premium license.

Serial Number: FCH221871KE
Running Permanent Activation Key: 0x3a1fdc52 0xf4335f2d 0xe5c32d90 0xe15034d4 0x872af89d
Configuration register is 0x1

Image type : Release
Key version : A

Configuration last modified by enable_15 at 16:13:04.202 UTC Wed Apr 17 2019
PANASONIC-CPT-ASA1#
PANASONIC-CPT-ASA1#

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to yogesh1

‎05-01-2019 01:48 AM

Yes, perpetual license just have a one off purchase cost. They are not subscription based.

 

Cheers,

Seb.

View solution in original post

7 Replies 7

Go to solution
Sheraz.Salim
VIP
VIP

‎05-01-2019 12:57 AM - edited ‎05-01-2019 12:59 AM

you have This platform has an ASA5525 VPN Premium license. so there is no lic expiration. By default ASA out of the box does support IPSEC site-to-site vpn. you only need buy anyconnect lice. however, as of base lice they come with a complementery 2 anyconnect lic.

 

Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual

 

in your case you dont have to worry. you are running a Premimum licence which is for life time.

 

 

 

please do not forget to rate.

Go to solution
yogesh1
Level 1
Level 1
In response to Sheraz.Salim

‎05-01-2019 01:34 AM

Dear Sheraz,

 

I have two 5505 also & that also showing perpetual lic so that is also fine & there is no issue of lic expiry. ?

 

Firewall 1

 

PMMZA-ASA5505# sh version

Cisco Adaptive Security Appliance Software Version 9.1(7)32
Device Manager Version 7.6(1)

Compiled on Tue 04-Sep-18 08:37 by builders
System image file is "disk0:/asa917-32-k8.bin"
Config file at boot was "startup-config"

PMMZA-ASA5505 up 161 days 17 hours

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Int: Internal-Data0/0 : address is f4cf.e213.a50f, irq 11
1: Ext: Ethernet0/0 : address is f4cf.e213.a507, irq 255
2: Ext: Ethernet0/1 : address is f4cf.e213.a508, irq 255
3: Ext: Ethernet0/2 : address is f4cf.e213.a509, irq 255
4: Ext: Ethernet0/3 : address is f4cf.e213.a50a, irq 255
5: Ext: Ethernet0/4 : address is f4cf.e213.a50b, irq 255
6: Ext: Ethernet0/5 : address is f4cf.e213.a50c, irq 255
7: Ext: Ethernet0/6 : address is f4cf.e213.a50d, irq 255
8: Ext: Ethernet0/7 : address is f4cf.e213.a50e, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JMX1851Z0NF
Running Permanent Activation Key: 0xf43afe60 0xa8931b81 0xec811134 0xa2b4a4d0 0xcf263eb8
Configuration register is 0x1
Configuration last modified by enable_15 at 23:16:01.272 UTC Tue Mar 12 2019
PMMZA-ASA5505#
PMMZA-ASA5505#
PMMZA-ASA5505#

 

 

Firewall 2

 

PMMZA-RPC-ASA-5505# sh ver
PMMZA-RPC-ASA-5505# sh version

Cisco Adaptive Security Appliance Software Version 9.2(3)
Device Manager Version 7.4(2)

Compiled on Mon 15-Dec-14 04:10 by builders
System image file is "disk0:/asa923-k8.bin"
Config file at boot was "startup-config"

PMMZA-RPC-ASA-5505 up 163 days 4 hours

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2_05
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Int: Internal-Data0/0 : address is 84b8.02f2.83d8, irq 11
1: Ext: Ethernet0/0 : address is 84b8.02f2.83d0, irq 255
2: Ext: Ethernet0/1 : address is 84b8.02f2.83d1, irq 255
3: Ext: Ethernet0/2 : address is 84b8.02f2.83d2, irq 255
4: Ext: Ethernet0/3 : address is 84b8.02f2.83d3, irq 255
5: Ext: Ethernet0/4 : address is 84b8.02f2.83d4, irq 255
6: Ext: Ethernet0/5 : address is 84b8.02f2.83d5, irq 255
7: Ext: Ethernet0/6 : address is 84b8.02f2.83d6, irq 255
8: Ext: Ethernet0/7 : address is 84b8.02f2.83d7, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : 50 perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5505 Security Plus license.

Serial Number: JMX1918Z0FK
Running Permanent Activation Key: 0xef3ff567 0x10a5b541 0x6db27950 0xc62038e4 0x 4701df97
Configuration register is 0x1
Configuration last modified by enable_15 at 10:39:45.407 UTC Wed Feb 27 2019
PMMZA-RPC-ASA-5505#
PMMZA-RPC-ASA-5505#
PMMZA-RPC-ASA-5505#

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎05-01-2019 01:00 AM

Hi there,

The key piece of information is:

Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual

 

...this shows your device permits 750 IPSec lan-to-lan or remote access VPNs (ie legacy pre-anyconnect). It is perpetual so there is no renewal.

 

cheers,

Seb.

 

0 Helpful

Go to solution
yogesh1
Level 1
Level 1
In response to Seb Rupik

‎05-01-2019 01:33 AM

Dear Seb,

 

I have two 5505 also & that also showing perpetual lic so that is also fine & there is no issue of lic expiry.

 

Firewall 1

 

PMMZA-ASA5505# sh version

Cisco Adaptive Security Appliance Software Version 9.1(7)32
Device Manager Version 7.6(1)

Compiled on Tue 04-Sep-18 08:37 by builders
System image file is "disk0:/asa917-32-k8.bin"
Config file at boot was "startup-config"

PMMZA-ASA5505 up 161 days 17 hours

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Int: Internal-Data0/0 : address is f4cf.e213.a50f, irq 11
1: Ext: Ethernet0/0 : address is f4cf.e213.a507, irq 255
2: Ext: Ethernet0/1 : address is f4cf.e213.a508, irq 255
3: Ext: Ethernet0/2 : address is f4cf.e213.a509, irq 255
4: Ext: Ethernet0/3 : address is f4cf.e213.a50a, irq 255
5: Ext: Ethernet0/4 : address is f4cf.e213.a50b, irq 255
6: Ext: Ethernet0/5 : address is f4cf.e213.a50c, irq 255
7: Ext: Ethernet0/6 : address is f4cf.e213.a50d, irq 255
8: Ext: Ethernet0/7 : address is f4cf.e213.a50e, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JMX1851Z0NF
Running Permanent Activation Key: 0xf43afe60 0xa8931b81 0xec811134 0xa2b4a4d0 0xcf263eb8
Configuration register is 0x1
Configuration last modified by enable_15 at 23:16:01.272 UTC Tue Mar 12 2019
PMMZA-ASA5505#
PMMZA-ASA5505#
PMMZA-ASA5505#

 

 

Firewall 2

 

PMMZA-RPC-ASA-5505# sh ver
PMMZA-RPC-ASA-5505# sh version

Cisco Adaptive Security Appliance Software Version 9.2(3)
Device Manager Version 7.4(2)

Compiled on Mon 15-Dec-14 04:10 by builders
System image file is "disk0:/asa923-k8.bin"
Config file at boot was "startup-config"

PMMZA-RPC-ASA-5505 up 163 days 4 hours

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2_05
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Int: Internal-Data0/0 : address is 84b8.02f2.83d8, irq 11
1: Ext: Ethernet0/0 : address is 84b8.02f2.83d0, irq 255
2: Ext: Ethernet0/1 : address is 84b8.02f2.83d1, irq 255
3: Ext: Ethernet0/2 : address is 84b8.02f2.83d2, irq 255
4: Ext: Ethernet0/3 : address is 84b8.02f2.83d3, irq 255
5: Ext: Ethernet0/4 : address is 84b8.02f2.83d4, irq 255
6: Ext: Ethernet0/5 : address is 84b8.02f2.83d5, irq 255
7: Ext: Ethernet0/6 : address is 84b8.02f2.83d6, irq 255
8: Ext: Ethernet0/7 : address is 84b8.02f2.83d7, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : 50 perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5505 Security Plus license.

Serial Number: JMX1918Z0FK
Running Permanent Activation Key: 0xef3ff567 0x10a5b541 0x6db27950 0xc62038e4 0x 4701df97
Configuration register is 0x1
Configuration last modified by enable_15 at 10:39:45.407 UTC Wed Feb 27 2019
PMMZA-RPC-ASA-5505#
PMMZA-RPC-ASA-5505#
PMMZA-RPC-ASA-5505#

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to yogesh1

‎05-01-2019 01:48 AM

Yes, perpetual license just have a one off purchase cost. They are not subscription based.

 

Cheers,

Seb.

Go to solution
yogesh1
Level 1
Level 1
In response to Seb Rupik

‎05-01-2019 02:01 AM

Dear Seb,

Thanks for your strong response.
0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to yogesh1

‎05-01-2019 02:05 AM

No problem, please mark this question as answered ;)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card