Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Firepower 1120 Smart License registration fails

cinexor
Level 1
Level 1

‎07-14-2022 11:39 PM

Hello Fellow Cisco Community Members,

we have recently bought Firepower 1120 (FPR-1120). We are running ASA software on it. I have issue with registration via tokenid. 

Relevant config/output snippets:

service call-home
call-home
contact-email-addr admin@example.com
profile CiscoTAC-1
(...)
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http

FW/pri/act# ping tcp tools.cisco.com 443
Type escape sequence to abort.
No source specified. Pinging from identity interface.
Sending 5 TCP SYN requests to 72.163.4.38 port 443
from 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/116 ms

debug ssl / smart license:

sch_module: processing license(Smart License) Smart Licensing
sch_module: processing license(Smart License) Smart Licensing
sch_module: Dispatching license event.
sch_module: Message(180) license(Smart License) to https://tools.cisco.com/its/service/oddce/services/DDCEService queued for transmission
sch_module: Start dispatch rate limit timer
sch_dispatcher: [1] dispatching license message to https://tools.cisco.com/its/service/oddce/services/DDCEService
sch_dispatcher: Dispatch to destination https://tools.cisco.com/its/service/oddce/services/DDCEService
sch_dispatcher: Opening dispatch channel: httpc/13/72.163.4.38/443/ssl/verify/sch//
sch_dispatcher: Opened dispatch channel: httpc/13/72.163.4.38/443/ssl/verify/sch//
sch_dispatcher: upload 4869 bytes
error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available@s23_clnt.c:657
sch_dispatcher: http request to https://tools.cisco.com/its/service/oddce/services/DDCEService failed, rc -1
sch_dispatcher: [1] Dispatch message(180) license to https://tools.cisco.com/its/service/oddce/services/DDCEService failed: CONNECT_FAILED(35)
sch_dispatcher: No response to licensing message

In the show version I can see I do not have 3DES/AES license. Could it be related to that as it is ssl debug says "SSL23_CLIENT_HELLO:no ciphers available"?

If this is the case how can I apply license if I am not able to connect to cisco registration service?

Thanks in advance!

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic