ASAv Smart Licensing

Just wanted to make a quick post about Smart Licensing for the ASAv. It seems every time I have to go through it, I look it up all over again.

Head over to your Smart Licensing Account (https://software.cisco.com/#SmartLicensing-Inventory) and Click “New-Token”. Fill out the form with the description and expiration date and Create Token. Once this is complete, you should get a dialog back with a long string.

You must change your hostname from the default of ‘ciscoasa’ or ‘asav’ in order for smart licensing to work.

On the ASAv, let’s enable DNS on the outside interface.

 dns domain-lookup outside
 dns server-group DefaultDNS
 name-server 4.2.2.2

Alright. Let’s setup the throughput level for smart licensing.  Input what level for the specific license you have.

license smart
feature tier standard
throughput level 100M

Okay. Let’s generate the license.

 license smart register idtoken <insert token value from above>

You should be good to go.

 

INFO: ASAv platform license state is Licensed.

# sh license status

Smart Licensing is ENABLED

Registration:
  Status: REGISTERED
  Smart Account: My Company Inc.
  Virtual Account: MyLicenseAccount
  Export-Controlled Functionality: Allowed
  Initial Registration: SUCCEEDED on Jan 08 20:05:39 2018 UTC
  Last Renewal Attempt: None
  Next Renewal Attempt: Jul 07 20:05:39 2018 UTC
  Registration Expires: Jan 08 20:00:28 2019 UTC

License Authorization: 
  Status: AUTHORIZED on Jan 08 20:05:49 2018 UTC
  Last Communication Attempt: SUCCESS on Jan 08 20:05:49 2018 UTC
  Next Communication Attempt: Feb 07 20:05:49 2018 UTC
  Communication Deadline: Apr 08 20:00:40 2018 UTC

Cisco has updated some of it’s certificates as of October 2018. If you are having issues registering, please try the following.

Reference: https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/213932-asa-smart-licensing-failures-due-to-cert.html

 
HQ-ASAv1#  crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios_core.p7b 

Root file signature verified.
Trustpool import:
   attempted:  10
   installed:  10
   duplicates: 0
   expired:    0
   failed:     0

HQ-ASAv1# show crypto ca trustpool policy

10 trustpool certificates installed

Trustpool auto import statistics:
    Last import result: N/A
    Next scheduled import at 22:00:00 UTC Sat Feb 23 2019

Trustpool Policy

   Trustpool revocation checking is disabled
   CRL cache time: 60 seconds
   CRL next update field: required and enforced

   Automatic import of trustpool certificates is enabled

   Automatic import URL: http://www.cisco.com/security/pki/trs/ios_core.p7b
   Download time: 22:00:00


   Policy Overrides:
      None configured
HQ-ASAv1# license smart register idtoken 
HQ-ASAv1# INFO: ASAv platform license state is Licensed.

HQ-ASAv1# 
HQ-ASAv1# sh crypto ca trustpool
CA Certificate
  Fingerprint: cb17e431673ee209fe455793f30afa1c
  Issuer Name: 
    cn=VeriSign Class 3 Public Primary Certification Authority - G5
    ou=(c) 2006 VeriSign\, Inc. - For authorized use only
    ou=VeriSign Trust Network
    o=VeriSign\, Inc.
    c=US
  Subject Name: 
    cn=VeriSign Class 3 Public Primary Certification Authority - G5
    ou=(c) 2006 VeriSign\, Inc. - For authorized use only
    ou=VeriSign Trust Network
    o=VeriSign\, Inc.
    c=US

CA Certificate
  Fingerprint: 5e397bddf8baec82e9ac62ba0c54002b
  Issuer Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
  Subject Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited

HQ-ASAv1# sh license status

Smart Licensing is ENABLED

Registration:
  Status: REGISTERED
  Smart Account: My Company Inc.
  Virtual Account: MyLicenseAccount
  Export-Controlled Functionality: Allowed
  Initial Registration: SUCCEEDED on Feb 23 15:06:17 2019 UTC
  Last Renewal Attempt: None
  Next Renewal Attempt: Aug 22 15:06:17 2019 UTC
  Registration Expires: Feb 23 15:01:58 2020 UTC

License Authorization: 
  Status: AUTHORIZED on Feb 23 15:06:33 2019 UTC
  Last Communication Attempt: SUCCESS on Feb 23 15:06:33 2019 UTC
  Next Communication Attempt: Mar 25 15:06:33 2019 UTC
  Communication Deadline: May 24 15:01:16 2019 UTC
This entry was posted in ASAv, Licensing, Security. Bookmark the permalink.

Leave a Reply