Solved: Re: ASA5505-50-BUN-K9 3DES license problem - Page 2

Houari DALI YOUCEF · ‎11-21-2012

Hi,

I have ASA505 with 3DES disabled, i heard that i can have the 3DES license without fee, so i contacted cisco more than 10 times to have the license, and every time they send me the same licence as my parmanent base key: 5321ec6e 102e534b fc21e96c 841c8ca8 ce1727aa

I don't understand the problem, here is the show activation key output:

Running Permanent Activation Key: 
0x5321ec6e 0x102e534b 0xfc21e96c 0x841c8ca8 0xce1727aa

Licensed features for this platform:

Maximum Physical Interfaces    : 8              perpetual

VLANs                          : 3              DMZ Restricted

Dual ISPs                      : Disabled       perpetual

VLAN Trunk Ports               : 0              perpetual

Inside Hosts                   : 50             perpetual

Failover                       : Disabled       perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Disabled       perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 10             perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

This platform has a Base license.

The flash permanent activation key is the SAME as the running permanent key.

And the license key that cisco send me every time isexactely the same but it should activate the 3DES encryption algorithm:

Inside Hosts                    : 50

Failover                        : Disabled

Encryption-DES                  : Enabled

Encryption-3DES-AES             : Enabled

Security Contexts               : Default

GTP/GPRS                        : Disabled

AnyConnect Premium Peers        : Default

Other VPN Peers                 : Default

Advanced Endpoint Assessment    : Disabled

AnyConnect for Mobile           : Disabled

AnyConnect for Cisco VPN Phone  : Disabled

Shared License                  : Disabled

UC Phone Proxy Sessions         : Default

Total UC Proxy Sessions         : Default

AnyConnect Essentials           : Disabled

Botnet Traffic Filter           : Disabled

Intercompany Media Engine       : Disabled

Platform = asa

JMX152040DW: 5321ec6e 102e534b fc21e96c 841c8ca8 ce1727aa

Can someone tell me where is the problem please?

Thank you in advance.

Houari DALI YOUCEF · ‎12-20-2012

Result of the command: "show tech-support"

Cisco Adaptive Security Appliance Software Version 8.3(2)

Device Manager Version 6.3(2)

Compiled on Fri 30-Jul-10 20:17 by builders

System image file is "disk0:/asa832-npe-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 11 days 12 hours

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

It has all requirements.

I'm trying to find how to update my firewall using ASDM GUI...

Marvin Rhoads · ‎12-20-2012

Yes, your memory is good.

To update via the GUI, Choose "Tools, Upgrade Software from Local Computer". In the dialog box that pops up pick "Image to upload" as ASA (not the default APCF) and then browse to your local copy of the new software. It will then upload the file using https to your ASA disk0, ask you if you want to make this the new boot image (choose yes) and then ask if you want to reload and upgrade now.

Remember the updated ASDM (asdm-711.bin) will give you the most functionality with the new release. You should follow the similar process to get it on the ASA, choosing instead ASDM from the "Image to Upload" drop down menu. You won't have to reload the ASA itself after you do that, only the ASDM client.

Houari DALI YOUCEF · ‎12-21-2012

I update the ASA with asa911-k8.bin correctly.

But after i reloaded to install the new ASDM, i got message showig that the ASA 9.1 is not supported by ASDM 6.

After i could not connect to firewall using ASDM, i tryed the ssh:

I uploaded the asdm file asdm-711-52.bin, and when i try to make it default, i got an error:

ciscoasa# asdm image disk0:/asdm-711-52.bin

^

ERROR: % Invalid input detected at '^' marker.

The command is wrong ?

I proceeded using this article:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2

Here is some output:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Writing file disk0:/asdm-711-52.bin...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

17790720 bytes copied in 37.990 secs (480830 bytes/sec)

ciscoasa# show disk0:

--#-- --length-- -----date/time------ path

154 15962112 May 13 2011 14:12:22 asa832-npe-k8.bin

155 2048 Apr 02 2012 20:21:40 syslog

191 0 Apr 02 2012 20:21:40 syslog/LOG-2012-04-02-202141.TXT

156 2048 Jan 01 1980 01:00:00 FSCK0000.REC

20 2048 May 13 2011 14:13:36 coredumpinfo

21 59 Dec 20 2012 23:25:36 coredumpinfo/coredump.cfg

157 14457072 May 13 2011 14:14:22 asdm-632.bin

10 2048 May 13 2011 14:15:34 log

19 2048 Aug 06 2012 15:43:38 crypto_archive

193 410212 Aug 06 2012 15:43:38 crypto_archive/crypto_arch_1.bin

158 27260928 Dec 20 2012 23:18:18 asa911-k8.bin

159 4096 Jan 01 1980 01:00:00 FSCK0001.REC

161 4096 Jan 01 1980 01:00:00 FSCK0002.REC

162 12998641 May 13 2011 14:19:40 csd_3.5.2008-k9.pkg

163 2048 May 13 2011 14:19:42 sdesktop

195 1462 May 13 2011 14:19:42 sdesktop/data.xml

164 6487517 May 13 2011 14:19:44 anyconnect-macosx-i386-2.5.2014-k9.pkg

165 6689498 May 13 2011 14:19:46 anyconnect-linux-2.5.2014-k9.pkg

166 4678691 May 13 2011 14:19:48 anyconnect-win-2.5.2014-k9.pkg

167 4096 Jan 01 1980 01:00:00 FSCK0003.REC

168 4096 Jan 01 1980 01:00:00 FSCK0004.REC

169 6144 Jan 01 1980 01:00:00 FSCK0005.REC

170 6144 Jan 01 1980 01:00:00 FSCK0006.REC

171 6144 Jan 01 1980 01:00:00 FSCK0007.REC

172 22528 Jan 01 1980 01:00:00 FSCK0008.REC

173 38912 Jan 01 1980 01:00:00 FSCK0009.REC

174 34816 Jan 01 1980 01:00:00 FSCK0010.REC

175 43008 Jan 01 1980 01:00:00 FSCK0011.REC

176 2048 Jan 01 1980 01:00:00 FSCK0012.REC

177 26624 Jan 01 1980 01:00:00 FSCK0013.REC

178 2048 Jan 01 1980 01:00:00 FSCK0014.REC

179 26624 Jan 01 1980 01:00:00 FSCK0015.REC

180 2048 Jan 01 1980 01:00:00 FSCK0016.REC

181 26624 Jan 01 1980 01:00:00 FSCK0017.REC

182 2048 Jan 01 1980 01:00:00 FSCK0018.REC

183 26624 Jan 01 1980 01:00:00 FSCK0019.REC

184 2048 Jan 01 1980 01:00:00 FSCK0020.REC

120 6791 Dec 21 2012 19:30:48 8_3_2_0_startup_cfg.sav

185 568 Dec 20 2012 23:25:36 upgrade_startup_errors_201212202225.log

186 568 Dec 21 2012 17:39:28 upgrade_startup_errors_201212211639.log

189 568 Dec 21 2012 19:30:56 upgrade_startup_errors_201212211830.log

190 17790720 Dec 21 2012 20:19:06 asdm-711-52.bin

128704512 bytes total (21164032 bytes free)

ciscoasa# asdm image disk0:/asdm-711-52.bin

^

ERROR: % Invalid input detected at '^' marker.

ciscoasa# asdm ?

disconnect Specify ASDM session id to be disconnected after this keyword

Can you help me please ?

PS: resolved by entring the command: conf t

Houari DALI YOUCEF · ‎12-21-2012

Yeeeesssssss!

The problem is solved!

Upgraded ASA version from 6.3(2) to 7.1(1) 52

Upgraded ASDM version from 8.3(2) to 9.1(1)

And result: the 3DES enabled like a charm:

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 9.1(1)

Device Manager Version 7.1(1)52

Compiled on Wed 28-Nov-12 10:38 by builders

System image file is "disk0:/asa911-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 11 mins 51 secs

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08

Number of accelerators: 1

0: Int: Internal-Data0/0 : address is e8b7.4836.9f54, irq 11

1: Ext: Ethernet0/0 : address is e8b7.4836.9f4c, irq 255

2: Ext: Ethernet0/1 : address is e8b7.4836.9f4d, irq 255

3: Ext: Ethernet0/2 : address is e8b7.4836.9f4e, irq 255

4: Ext: Ethernet0/3 : address is e8b7.4836.9f4f, irq 255

5: Ext: Ethernet0/4 : address is e8b7.4836.9f50, irq 255

6: Ext: Ethernet0/5 : address is e8b7.4836.9f51, irq 255

7: Ext: Ethernet0/6 : address is e8b7.4836.9f52, irq 255

8: Ext: Ethernet0/7 : address is e8b7.4836.9f53, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8 perpetual

VLANs : 3 DMZ Restricted

Dual ISPs : Disabled perpetual

VLAN Trunk Ports : 0 perpetual

Inside Hosts : 50 perpetual

Failover : Disabled perpetual

Encryption-DES : Enabled perpetual

Encryption-3DES-AES : Enabled perpetual

AnyConnect Premium Peers : 2 perpetual

AnyConnect Essentials : Disabled perpetual

Other VPN Peers : 10 perpetual

Total VPN Peers : 12 perpetual

Shared License : Disabled perpetual

AnyConnect for Mobile : Disabled perpetual

AnyConnect for Cisco VPN Phone : Disabled perpetual

Advanced Endpoint Assessment : Disabled perpetual

UC Phone Proxy Sessions : 2 perpetual

Total UC Proxy Sessions : 2 perpetual

Botnet Traffic Filter : Disabled perpetual

Intercompany Media Engine : Disabled perpetual

Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JMX152040DW

Running Permanent Activation Key: 0x5321ec6e 0x102e534b 0xfc21e96c 0x841c8ca8 0xce1727aa

Configuration register is 0x1

Configuration last modified by enable_15 at 20:56:49.179 CET Fri Dec 21 2012

Last thing please, do i have to delete the old asa and asdm files from firewall ? (asa832-npe-k8.bin and

asdm-632.bin)

Thank you so much Mr Marvin Rhoads

Marvin Rhoads · ‎12-21-2012

You're welcome Houari. I'm glad it worked out well for you.

Yes you can delete the old ASA and ASDM binary images if eerything is working OK on the new images.

You can also delete all of those fsck____.rec files (file system check records - usually due to the box reloading after software having crashed or being shut down by hard power off).

The "upgrade_startup_errors: fiules can also be deleted once you've reviewed them for any issues reported during the upgrade process. (You can look at those plain text files from CLI with the command "more" followed by the filename.)

Thanks for the ratings.

ASA5505-50-BUN-K9 3DES license problem [Resolved]