New ASA License not working ?

mbilgrav
Level 3

Hello,

I have an ASA5550 setup with two boxes in HA

I have purchased AnyConnect Essentials for 5000 users for both boxes.

The box runs 8.4.2

I tried on one box to enter new activation key and rebooted the box.

Still the output of show version is the same !?

SSL VPN Peers                  : 2
Total VPN Peers                : 5000
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled

If I re-enter the key it says same as running key ...

I then tried downgrade to 8.2.5, same same show version output ...

Did I miss something ? and if so what did I miss ?

regards

Jennifer Halim
Cisco Employee

Once you have entered the activation key, please also configure the following for anyconnect essential license to take effect:

webvpn
   anyconnect-essentials

Hope this helps.

This you can only do when the ASA has the license shown as enabled.

I did this:

1. Ordered AC-ess license

2. Activated PAK code with serial number and got email with new Act-key.

3. Typed in new key and rebooted.

The AC-ess still shows as disabled ...

This is true for both 825 and 842 ASA code.

(config-webvpn)# anyconnect-essentials

ERROR: Command requires AnyConnect Essentials license

Show ver:

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 400            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

Thanks for the clarification.

I am assuming that after you enter the activation code, you save the config "wr mem" before reloading the ASA?

If you have saved the config prior to reload and it's still not activated, then I would request for the activation key to be rehosted by licensing@cisco.com

Email licensing@cisco.com, and give them the current status of "show version" from both ASAs which would include the serial# of the ASA, and also the PAK code, and request for the activation key to be rehosted as the one issued does not work.

Yes - I did save the running config

I also tried typing in the new key again, and it says same as running key, so the key itself is ok, but the license is not ...

I called TAC today, since I have had an SR open for 5 days and nothing has happened ...

They said I will get a return call within one hour ...(!)

I hope so ...

LOL

I need to read the fine-print ....

This is a snip from my license e-mail:

------------------------------------------

THE FOLLOWING ACTIVATION KEY IS VALID FOR:

ASA SOFTWARE RELEASE 8.2+ ONLY.

Platform = asa

*SERIAL*:    11111 22222 33333 44444 555591

------------------------------------------

THE FOLLOWING ACTIVATION KEY IS VALID FOR:

ALL ASA SOFTWARE RELEASES, BUT EXCLUDES ANY 8.2+ FEATURES FOR BACKWARDS COMPATIBILITY.

Platform = asa

*SERIAL*:    11111 22222 33333 44444 5555be

Installing Your Cisco Adaptive Security Appliance Activation Key

Step 1.  From the command line interface (CLI), enter configuration mode using the "conf t" command.

Step 2.  Type the "activation-key" command, and then, when prompted, enter the new activation key listed above.

Note:  For some new license settings to take effect a system reboot may be required.

Software License Agreement

PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE.

So now you get TWO different keys, and depending upon version and the feature, you will have to choose one.

I chose wrongly ... apparently AC Ess. is an 8.2+ feature ...

hence you need the FIRST key in the email - NOT the second one ...

So now you know ...
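A post-activation check for the symptom described in this thread, added here as an example and not part of any post or of Cisco tooling: it parses the licensed-features lines of `show version` in both layouts quoted above (with and without the duration column) and reports features that are still not at the expected state. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout quoted in this thread (not captured from a device).
SAMPLE_SHOW_VERSION = """\
Licensed features for this platform:
Maximum VLANs                     : 400            perpetual
VPN-3DES-AES                      : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Total VPN Peers                   : 5000           perpetual
"""

# "<feature name> : <value> [duration]"; the duration column is optional
# because older releases print only name and value.
FEATURE_LINE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9 /\-]*?)\s*:\s*"
    r"(?P<value>\S+)(?:\s+(?P<duration>.+?))?\s*$"
)

def parse_licensed_features(text):
    """Return {feature name: (value, duration or None)} from 'show version' text."""
    features = {}
    for line in text.splitlines():
        m = FEATURE_LINE.match(line)
        if m:  # header lines with nothing after the colon do not match
            features[m.group("name")] = (m.group("value"), m.group("duration"))
    return features

def check_license(text, expected):
    """Compare parsed features with expectations.

    expected maps a feature name to "Enabled" (state) or an int (minimum count).
    Returns a list of (feature, observed value) for every unmet expectation.
    """
    features = parse_licensed_features(text)
    problems = []
    for name, want in expected.items():
        if name not in features:
            problems.append((name, "not listed"))
            continue
        value = features[name][0]
        if isinstance(want, int):
            ok = value == "Unlimited" or (value.isdigit() and int(value) >= want)
        else:
            ok = value.lower() == want.lower()
        if not ok:
            problems.append((name, value))
    return problems

if __name__ == "__main__":
    wanted = {"AnyConnect Essentials": "Enabled", "Total VPN Peers": 5000}
    print(check_license(SAMPLE_SHOW_VERSION, wanted))
```

Run against saved `show version` output from each unit of the HA pair after entering the key and reloading; an empty list means every expected feature is active.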

Great findings... after all it's user error

This certainly happens from time to time, great that you are able to find the issue.

Pls mark this post as answered as I am sure others who hit the same issue will be thankful for your answer.

Quick question Jennifer Halim, is it a definite requirement to have AnyConnect Essentials enabled to configure SSL Client Less or with Client VPN ?

I mean what is the purpose of AnyConnect Essentials license ?

The thread is 6 years old and license types have changed as of AnyConnect 4.x.

 

Essentials is now mapped (more or less) to AnyConnect Plus. The old Premium is now Apex. A given ASA runs one or the other type (and never both). (There's also a third type known as VPN Only which is not used as frequently.)

 

Either can do client-based remote access VPN. Apex is required for clientless.

When I try to activate this is what I get.

SA5506X(config)# activation-key 11111111 22222222 333333333 44444444 55555555
Validating activation key. This may take a few minutes...
The requested key is the SAME as the flash permanent activation-key.
The flash activation key will not be modified.

 

Anyone know why I am getting this message ????

Please start a new thread with the details of your current license as well as the ones you are attempting to add.