10-25-2019 06:21 PM
I have a pair of 4110s, and I had a problem SSHing to the logical ASA's. Having looked at the licensing, it appears that the "Encryption-3DES-AES" is disabled, which is causing it to only accept SSHv1 connections. The problem is, i don't have access to the internet or smart license, show version:
License mode: Smart Licensing Licensed features for this platform: Maximum Physical Interfaces : Unlimited Maximum VLANs : 1024 Inside Hosts : Unlimited Failover : Active/Active Encryption-DES : Enabled Encryption-3DES-AES : Disabled Security Contexts : 10 Carrier : Disabled AnyConnect Premium Peers : 10000 AnyConnect Essentials : Disabled Other VPN Peers : 10000 Total VPN Peers : 10000 AnyConnect for Mobile : Enabled AnyConnect for Cisco VPN Phone : Enabled Advanced Endpoint Assessment : Enabled Shared License : Disabled Total TLS Proxy Sessions : 10000 Cluster : Enabled
and i tried to request license from licensing portal but it gives error "unknown product type"
Solved! Go to Solution.
10-27-2019 08:06 PM
The license type you need to request is known as Permanent License Reservation (PLR).
You have to request your account be made eligible for this license type as Cisco will do some export control eligibility verifications etc. before approving it.
A PLR license does not require Internet access for the licensed device(s). Setting it up (once approved) is described here:
10-26-2019 03:02 PM
What output on the 4110 are you using for the serial number are you using to request the license?
Alternately you could contact cisco licensing@cisco.com an ask for assistance.
10-26-2019 03:44 PM
how to request license and it accepts only smart license. it is not like the old ASA appliances to request PAK file. so what i can tell licensing@cisco.com?
10-27-2019 01:35 AM - edited 10-27-2019 01:43 AM
Just give Licensing the serial number of the old and new devices as well as your smart account info and that you need the 3des-AES strong encryption license
10-27-2019 03:49 PM
the problem i don't have access to the internet. actually i don't know why cisco did that. it is not logic to be able to ssh to the device i get license, any other firewalls don't have the same issue. and smart license is the worst thing ever.
@Marius Gunnerud wrote:Just give Licensing the serial number of the old and new devices as well as your smart account info and that you need the 3des-AES strong encryption license
10-27-2019 08:06 PM
The license type you need to request is known as Permanent License Reservation (PLR).
You have to request your account be made eligible for this license type as Cisco will do some export control eligibility verifications etc. before approving it.
A PLR license does not require Internet access for the licensed device(s). Setting it up (once approved) is described here:
01-27-2020 12:10 AM
Hello Marvin,
thank you for your reply. it is good solution if we don't have internet access and we have request this license from the beginning before getting the standard license.
thanks,
04-12-2024 06:58 AM
Is Cisco support required for this?
Or if they have a lab unit but no support on it can this still be achieved?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide