Just wanted to make a quick post about Smart Licensing for the ASAv. It seems every time I have to go through it, I look it up all over again.
Head over to your Smart Licensing Account (https://software.cisco.com/#SmartLicensing-Inventory) and click “New-Token”. Fill out the form with the description and expiration date, then click Create Token. Once this is complete, you should get a dialog back with a long string.
You must change your hostname from the default of ‘ciscoasa’ or ‘asav’ in order for smart licensing to work.
On the ASAv, let’s enable DNS on the outside interface.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 184.108.40.206
Alright. Let’s set up the throughput level for smart licensing. Enter the level that matches the specific license you have.
license smart
 feature tier standard
 throughput level 100M
Okay. Let’s generate the license.
license smart register idtoken <insert token value from above>
You should be good to go.
INFO: ASAv platform license state is Licensed.
# sh license status
Smart Licensing is ENABLED
Registration:
  Status: REGISTERED
  Smart Account: My Company Inc.
  Virtual Account: MyLicenseAccount
  Export-Controlled Functionality: Allowed
  Initial Registration: SUCCEEDED on Jan 08 20:05:39 2018 UTC
  Last Renewal Attempt: None
  Next Renewal Attempt: Jul 07 20:05:39 2018 UTC
  Registration Expires: Jan 08 20:00:28 2019 UTC
License Authorization:
  Status: AUTHORIZED on Jan 08 20:05:49 2018 UTC
  Last Communication Attempt: SUCCESS on Jan 08 20:05:49 2018 UTC
  Next Communication Attempt: Feb 07 20:05:49 2018 UTC
  Communication Deadline: Apr 08 20:00:40 2018 UTC
Cisco has updated some of its certificates as of October 2018. If you are having issues registering, please try the following.
HQ-ASAv1# crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios_core.p7b
Root file signature verified.
Trustpool import:
  attempted: 10
  installed: 10
  duplicates: 0
  expired: 0
  failed: 0
HQ-ASAv1# show crypto ca trustpool policy
10 trustpool certificates installed
Trustpool auto import statistics:
  Last import result: N/A
  Next scheduled import at 22:00:00 UTC Sat Feb 23 2019
Trustpool Policy
  Trustpool revocation checking is disabled
  CRL cache time: 60 seconds
  CRL next update field: required and enforced
  Automatic import of trustpool certificates is enabled
  Automatic import URL: http://www.cisco.com/security/pki/trs/ios_core.p7b
  Download time: 22:00:00
  Policy Overrides:
    None configured
HQ-ASAv1# license smart register idtoken
HQ-ASAv1# INFO: ASAv platform license state is Licensed.
HQ-ASAv1#
HQ-ASAv1# sh crypto ca trustpool
CA Certificate
  Fingerprint: cb17e431673ee209fe455793f30afa1c
  Issuer Name:
    cn=VeriSign Class 3 Public Primary Certification Authority - G5
    ou=(c) 2006 VeriSign\, Inc. - For authorized use only
    ou=VeriSign Trust Network
    o=VeriSign\, Inc.
    c=US
  Subject Name:
    cn=VeriSign Class 3 Public Primary Certification Authority - G5
    ou=(c) 2006 VeriSign\, Inc. - For authorized use only
    ou=VeriSign Trust Network
    o=VeriSign\, Inc.
    c=US
CA Certificate
  Fingerprint: 5e397bddf8baec82e9ac62ba0c54002b
  Issuer Name:
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
  Subject Name:
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
HQ-ASAv1# sh license status
Smart Licensing is ENABLED
Registration:
  Status: REGISTERED
  Smart Account: My Company Inc.
  Virtual Account: MyLicenseAccount
  Export-Controlled Functionality: Allowed
  Initial Registration: SUCCEEDED on Feb 23 15:06:17 2019 UTC
  Last Renewal Attempt: None
  Next Renewal Attempt: Aug 22 15:06:17 2019 UTC
  Registration Expires: Feb 23 15:01:58 2020 UTC
License Authorization:
  Status: AUTHORIZED on Feb 23 15:06:33 2019 UTC
  Last Communication Attempt: SUCCESS on Feb 23 15:06:33 2019 UTC
  Next Communication Attempt: Mar 25 15:06:33 2019 UTC
  Communication Deadline: May 24 15:01:16 2019 UTC
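The `sh license status` output above carries two dates worth watching, Registration Expires and Communication Deadline. The following is an added example, not part of the original post or Cisco tooling: it parses that output and reports a wrong state or a deadline that is close. The function names, the 30-day threshold and the indented layout of the sample are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: trimmed copy of the `sh license status` output in this
# post (the two-space indentation is assumed; the parser does not depend on it).
SAMPLE = """\
Smart Licensing is ENABLED
Registration:
  Status: REGISTERED
  Initial Registration: SUCCEEDED on Jan 08 20:05:39 2018 UTC
  Registration Expires: Jan 08 20:00:28 2019 UTC
License Authorization:
  Status: AUTHORIZED on Jan 08 20:05:49 2018 UTC
  Communication Deadline: Apr 08 20:00:40 2018 UTC
"""
DATE_RE = re.compile(r"([A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}) UTC")
DEADLINES = (("Registration", "Registration Expires"),
             ("License Authorization", "Communication Deadline"))

def parse_license_status(text):
    """Return {section: {field: value}}; a line ending in ':' opens a section."""
    sections, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                      # banner lines without a field
        if not value.strip():
            current = sections.setdefault(key, {})
        elif current is not None:         # skip fields before any section
            current[key] = value.strip()
    return sections

def parse_date(value):
    """Extract the 'Mon DD HH:MM:SS YYYY UTC' timestamp, or None if absent."""
    m = DATE_RE.search(value)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)

def check_license(text, now, warn_days=30):
    """List problems: wrong states and deadlines closer than warn_days."""
    s, findings = parse_license_status(text), []
    if s.get("Registration", {}).get("Status") != "REGISTERED":
        findings.append("not registered")
    auth = s.get("License Authorization", {}).get("Status", "")
    if not auth.startswith("AUTHORIZED"):
        findings.append("not authorized")
    for section, field in DEADLINES:
        when = parse_date(s.get(section, {}).get(field, ""))
        if when is None:
            findings.append(f"{field}: missing")
        elif (when - now).days < warn_days:
            findings.append(f"{field}: {(when - now).days} days left")
    return findings
```

Feed it the text captured from the ASAv with the current UTC time as `now`; an empty list means both states are good and neither deadline is inside the warning window.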