03-10-2017 03:33 AM
Hi,
i have an issue with my two brand new 5506-x firewalls.
I have purchased some additional features, 2x IPS, AMP and URL 3yrs and 25 anyconnect .
I received the PAK numbers and added them to my account.
They are still unfulfilled though.
To fulfill them i need the License Key from my ASA.
i followed previous posts in this section that advise to go in ASDM>Firepower management and retrive the key.
My ASA unfortunately doesn't have Firepower services active and the immage is not in Disk 0: so i assume is not installed.
I tried to download them from the website only to find out that i'm not authorized as i don't have a contract...
Now, while i have purchased a contract, i don't have the details just yet, these kind of feature should be available by default especially if is needed to activate the additional features that i paid for.
is there any other way to find my device license key?
thanks for your help!
03-10-2017 03:37 AM
Hello Paolo,
Refer the following link to get the license key .
https://supportforums.cisco.com/discussion/12574886/how-get-license-key-asdm-asa-5506-x-5508-x-and-5516-x-box-management
Rate if this helps.
Regards
Jetsy
03-10-2017 03:39 AM
Hello Paolo,
If the Firepower is not yet installed in the ASA with proper images of .pkg and .img , then you wont be able to find the license key since there wont be any Firepower configuration tab itself.
http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html
Regards
Jetsy
03-10-2017 03:47 AM
Also if you have any entitlement issues with downloading the required softwares ,you have to reach out to the Cisco Entitlement team.
Once they associate the contract , then you will be able to download the required images.
03-10-2017 04:37 AM
i've been in contact wit TAC, basically they said to get in touch when i have the support contract sorted..
i will have the contract by monday as we have already purchased it, the supplier didn't include it by mistake.
i guess it is correct that i cannot download from the website as i have yet to register any contract for an ASA 5506-X.
Point is shouldn't need a support contract just to activate additional features, that have been purchased separately.
the devices should come with the image preinstalled, i suppose..
I cannot even activate the CTRL license that came in the box at this stage.
beside the temporary irritation, i want to understand how to get out of this loop if in the future i'll find myself in the same situation but without a support contract to rely on.
again this is purely informational at this stage as i will get it sorted with TAC as soon as i get the contract sorted.
EDIT:
i found out that i can actually activate the AnyConnect license as unlike the CRTL and IPS,AMP, etc it only requires the Serial Number of the device.
Still i don get how i would get out of this loop without a support contract.
03-10-2017 06:54 PM
On an ASA 5506-X with FirePOWER services the module should indeed come pre-installed. You can verify it via "show module" on the ASA command line interface. The version may be a bit old as they don't update the manufacturing build that often, but it should still be installed and usable.
You do, however, still need to perform the initial bootstrapping setup on the module itself apart from what you do the ASA parent image. For that you can follow the Quick Start Guide.
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html
Once you have the IP address etc all setup, you can connect to the module as part of your ASDM connection. When ASDM connects, it pulls the information that the FirePOWER module has been setup (i.e. something like what you would see with "show modue sfr detail") and uses that to pull the information into the ASDM GUI and expose all the bits you need to install licenses, create policies etc.
No services entitlement is required for any of the above.
As you noted, you can redeem and install your AnyConnect license without a service entitlement. You should still, however, download and install the latest AnyConnect packages from cisco.com once you get the entitlement assigned to you. The latest AnyConnect 4.4.01054 is what's currently recommended. (That will require your entitlement to be assigned.)
https://software.cisco.com/download/release.html?mdfid=286281283&flowid=72322&softwareid=282364313&release=4.4.01054&relind=AVAILABLE&rellifecycle=&reltype=latest
The same concept applies to FirePOWER - I'd reimage the module to the current version (6.2) before doing much of anything with it.
https://software.cisco.com/download/release.html?mdfid=286283326&flowid=77251&softwareid=286277393&release=6.1.0&relind=AVAILABLE&rellifecycle=&reltype=latest
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide