Urgent, AnyConnect License error

peermarks · ‎04-20-2020

Dear All,

I obtained a "AnyConnect Plus/Apex(ASA) Demo License and Emergency COVID-19 Security Appliance activation key". I activated this key on my ASA 5505 and it shows the right number of (time limited) AnyConnect licenses. However if more than 2 users try to connect, the 3rd connection fails. Debug aaa shim states "license limit reached 2" and "Error failed to update license"

output of show activation key says that 25 connections are licenced.

Whats wrong and what else can I check?

Thanks in advance

Peer

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 50 perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 74 days
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled 74 days
AnyConnect for Cisco VPN Phone : Enabled 74 days
Advanced Endpoint Assessment : Enabled 74 days
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

Output of debug AAA shim while open the 3rd connection:

AAA/SHIM: creating new ctx
AAA/SHIM: Created context
AAA/SHIM: Lookup ctx
AAA/SHIM: caller sleeping
AAA/SHIM: Fiber started
AAA/SHIM: handle open success
AAA/SHIM: build request attributes
AAA/SHIM: authenticating testuser, tgroup=DefaultWEBVPNGroup
AAA/SHIM: AAA response=ACCEPT
AAA/SHIM: license limit reached 2
AAA/SHIM: Error failed to update license
AAA/SHIM - fc: wakeup caller
AAA/SHIM: Request End
AAA/SHIM: closing session
AAA/SHIM: closed handle

Sheraz.Salim · ‎04-20-2020

what version you on the ASA. find a bug here CSCuu86165 and here CSCvf60622 could be you hitting this.

try upgrade the software on 5505 to 9.1.7 Interim. however the 5505 are EOL.

please do not forget to rate.

peermarks · ‎04-21-2020

Hi Sheraz.Salim,

thanks for quick response. On the ASA is a 9.1(7) from year 2016 in use, see show version output below. I'm not sure if it differs from 9.1.7 Interim but I would give it a try. How can I get this image, since there is no active support contract for this device?
Kind Regards
Peer

FW-SE-BOR-01# sh ver

Cisco Adaptive Security Appliance Software Version 9.1(7)
Device Manager Version 7.5(2)153

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

FW-SE-BOR-01 up 21 hours 37 mins

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
.
.
.
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 50 perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 73 days
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled 73 days
AnyConnect for Cisco VPN Phone : Enabled 73 days
Advanced Endpoint Assessment : Enabled 73 days
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Sheraz.Salim · ‎04-21-2020

dont you have a support contract with cisco? ASA software for 5505 9.1.7 is interim 2018 worth trying it.

if you do not have a support contract with cisco as your cisco gold partner or cisco representative they will help you on this.

please do not forget to rate.