However, that’s not the end of the story. When you format the flash, it also ERASES your Cisco ASA LICENSE KEY! This causes the ASA to default to the base level license which restricts your device to a limited number of devices, vlans and a restricted DMZ (providing you are using an ASA5505 – varies depending on setup). Choose System License Classic Licenses. Note: If the FMC runs a version earlier than 6.x, choose System License. Click Add New License. From the screen, obtain the License Key. If the device is managed by the ASDM, complete these steps in order to find the License Key: Choose the Configuration option that is located at the top of the window. Choose the ASA FirePOWER Configuration option which is located at the bottom of left pane.
KB ID 0000531
Problem
Each model in the Cisco ASA 5500 range comes with a range of licences and features, to add these features you can purchase them from a Cisco reseller. You will then need to apply the licence to the device.
Solution
1. Your first step is to purchase the Licence you require from an authorised cisco reseller.
2. When your licence arrives you need to locate the PAK that is on the certificate.
3. You need the Serial number of the ASA 5500, to get this either look on the chassis of the device or issue a “show version” command.
4. So the one above has a serial Number of JMX1234ABCD.
5. Now you have the PAK and the serial number, you need to register them with Cisco Go there, login with a Cisco CCO account name. Enter the PAK Code > Submit.
6. Check the PAK details, and add more as required > Click “All Done”.
7. Enter the Serial Number of the ASA and tick “I Agree..” > Enter/Check your details > Enter the Licensee details (If Different) > Continue.
8. Read the Summary > Submit > Wait for it to stop saying “Processing” > When complete it should “Go Green” and say Registration Complete.
9. If can take a little while for the licence to be emailed to you and USUALLY goes straight to Junk Mail (Thanks Microsoft, that’s not funny!)
10. When the Licence comes in, the detail that you need is the activation key, it will look like….
dd12eb50 9e16d5bb 45b2a92c 78901838 44999999
11. You add this licence to the ASA with an “activation-key” command:
12. That’s the licence added.
Note: In the example above I added a licence to increase the web VPN peers from 25 to 50 (Which you can see if you compare the two pieces of code).
To add a Licence from the ASDM
1. Connect via ASDM.
2. Navigate to > Configuration > Device Management > Licensing > Activation Key > Paste in the new activation key > Update Activation Key.
Related Articles, References, Credits, or External Links
11/01/2015
WARNING: This article is for Academic purposes ONLY and not with intention to make profits or resell.
As an engineer myself, I am always curious about how the things work. I could even remember when I was in high school, I used my pocket money to buy a book titled Applied Cryptography, of course it is a Chinese version. I was amazed by the encryption algorithm, such as MD5, RSA, SHA, etc. I bought a DLL plug-in to make my home-brewed software have registration functionality. (I should have studied IT security, shouldn’t I?)
Time flies, I choose Mechanical Engineering to be my major in University but it did not change my ambitious as well as my field of interest. I remembered the first few days I bought my Arduino kit, I was trying to dig some interesting protocols for encryptions using that microcontroller. Well, it’s a 8-bit MCU so it is not likely possible to implement strong algorithms like RSA and MD5. I found someone making CRC32 and SHA on that platform but it will take a few seconds to get the work done.
Anyway, I am talking too much about the past so let’s get into this topic.
Just a couple of days ago, I was given 3 Cisco PIX-515E firewall with Unrestricted (UR) License. To be honest, I had really no idea with these firewalls and only know about the Cisco ISR series during that time (Yes, I am studying CCNA at the moment and the PIX firewalls are unwanted free gift from one eBay seller.). Soon after, I found the ASA could be a very useful equipment in networking as they are capable of doing not only the fire fighters job, but also be NAT/PAT tasks.
I watched a youtube video and the instructor tried to use valid Serial Number and Activation Keys to activate the “virtual” PIX-515E in GNS3 software. As a result, I was getting much more interested in the activation key algorithms than ever! I had a brief look on the eBay.com.au, there were couple of sellers who were selling UR Licenses at a premium price and it looked like a must have (handy) bundle for CCNP students.
I was accidentally got an article on one Russia website, and one of the ‘hacker’ revealed the software algorithm for the UR license key so I would like to write an English version to make it clearer.
Please ignore above paragraphs if you are above the CCNA level :-).
I need to grab a working SN and Key to verify the process is all working. So I grabbed a victim on eBay:
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 809112952
Running Activation Key: 0x4b7c1873 0x54ce958f 0x7b74b95e 0x569def49
Firstly, we need to convert the Serial Number from DEC to HEX. Just use the calculator to conduct the conversion.
DEC(809112952)=HEX(0x 30 3A 15 78)
Secondly, we need to make the inversion of the digits.
30 3A 15 78 => 78 15 3A 30 => 78153A30
Refer to the original discussion, we need to put inverted value of the license type mark (AES+DES+UR = 0x00000039) to the beginning of the SN we have just converted.
“39000000” + “78153A30” = 3900000078153A30
Then we needs a MD5 conversion using a perl syntax:
Cisco Asa License Key Generator Download
If you are running or having a Mac or Linux based O/S, just using the following command:
perl -e ‘use Digest::MD5 qw(md5_hex); print md5_hex(pack(“H*”, “390000006C394E30“))’
If you cannot have access to the Linux or Unix based PC, you can use online compiler, such as: http://www.tutorialspoint.com/execute_perl_online.php. You need to remember that the command will be slightly different:
qw(md5_hex); print md5_hex(pack(“H*”, “390000006C394E30“))
You will get the following result:
73187c4b 8f95ce54 5eb9747b 49ef9d56
Last step, we need to separate the result to 4 groups (shown above), and make the inversion AGAIN to get the final result! You’ll get the same result with our victim’s answer:
0x4b7c1873 0x54ce958f 0x7b74b95e 0x569def49
Cisco Asa License Key Generator Free
Not that bad!