Loading

Thursday, October 27, 2011

ASA 5500 SSL VPN Add Licenses to ASA

I recently had to enable some of my mobile Mac clients with Cisco AnyConnect VPN Client for Mac.  Then, of course since the ASA only included 2 SSL VPN licenses and that's what the AnyConnect VPN Client uses I had to purchase some additional licenses.  I purchased the licenses through a reseller & a couple days later they sent me a PDF listing the product (L-ASA-SSL-10= ASA 5500 SSL VPN 10 Premium User License) and a Product Authorization Key.

First, go to the Cisco Product Registration Page and login with your TAC credentials.  In the Product Authorization Key (PAK) field enter the Product Authorization Key from your PDF then click submit.

Next, follow the prompts and agree to their end user license agreement.  You will have to provide the ASA's serial number which can be obtained from the chassis or via show version from the CLI (this is probably the best method as you can copy the S/N from the CLI, then paste it to the authorization screen).

Now wait.

After submitting the required information and verifying other info you'll see the following message indicating that you'll have to wait up to one hour to receive an email with the xxx.  You'd think Cisco would be able to provide this info right away.  Guess not.

You'll be presented with the following helpful message to read while you wait...
Your license and user information will be sent via email within 1 hour to the email address you specified. If you have not received an email within 1 hour, please open a Service Request using the TAC Service Request Tool. Please have your valid Cisco.com user Id and password available. As an alternative, you may also call our main Technical Assistance Center at 800-553-2447.
Please be sure to check your Junk/Spam email folders for this email from licensing@cisco.com with your license key attached.
Fortunately only a few minutes later I received the email with the ASA activation key (which is 77 characters  long) and the following instructions.

Installing Your Cisco Adaptive Security Appliance Activation Key
Step 1.  From the command line interface (CLI), enter configuration mode using the "conf t" command.
Step 2.  Type the "activation-key" command, and then, when prompted, enter the new activation key listed above.
Which I promptly followed.  Now I have 10 licenses with which to connect my clients.  This by the way is a bit of a disappointment as I already had two.  I would have hoped Cisco would have preserved the two gratis WebVPN licenses and added my 10 new ones.  Not so luck.

No comments:

Post a Comment