07-14-2022 11:39 PM
Hello Fellow Cisco Community Members,
we have recently bought Firepower 1120 (FPR-1120). We are running ASA software on it. I have issue with registration via tokenid.
Relevant config/output snippets:
service call-home
call-home
contact-email-addr admin@example.com
profile CiscoTAC-1
(...)
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
FW/pri/act# ping tcp tools.cisco.com 443
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 72.163.4.38 port 443
from 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/116 ms
debug ssl / smart license:
sch_module: processing license(Smart License) Smart Licensing
sch_module: processing license(Smart License) Smart Licensing
sch_module: Dispatching license event.
sch_module: Message(180) license(Smart License) to https://tools.cisco.com/its/service/oddce/services/DDCEService queued for transmission
sch_module: Start dispatch rate limit timer
sch_dispatcher: [1] dispatching license message to https://tools.cisco.com/its/service/oddce/services/DDCEService
sch_dispatcher: Dispatch to destination https://tools.cisco.com/its/service/oddce/services/DDCEService
sch_dispatcher: Opening dispatch channel: httpc/13/72.163.4.38/443/ssl/verify/sch//
sch_dispatcher: Opened dispatch channel: httpc/13/72.163.4.38/443/ssl/verify/sch//
sch_dispatcher: upload 4869 bytes
error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available@s23_clnt.c:657
sch_dispatcher: http request to https://tools.cisco.com/its/service/oddce/services/DDCEService failed, rc -1
sch_dispatcher: [1] Dispatch message(180) license to https://tools.cisco.com/its/service/oddce/services/DDCEService failed: CONNECT_FAILED(35)
sch_dispatcher: No response to licensing message
In the show version I can see I do not have 3DES/AES license. Could it be related to that as it is ssl debug says "SSL23_CLIENT_HELLO:no ciphers available"?
If this is the case how can I apply license if I am not able to connect to cisco registration service?
Thanks in advance!
Solved! Go to Solution.