![Cisco Asa License Key Generator Cisco Asa License Key Generator](http://1.bp.blogspot.com/-u6wz2j1-Vj0/U6JPqX6H59I/AAAAAAAACmg/R5SaleCP4LY/s1600/4.jpg)
Cisco ASA license gone!? Today I experienced a failure during an upgrade of an ASA5505 which resulted in my Cisco ASA license disappearing. The ASA complained about error writing to flash.%Error opening disk0:/.private/startup-config (Read-only file system) Error executing command FAILED After searching on the Cisco site, they recommend fixing it by formatting the flash. They didn’t warn you about the consequences of formatting the flash. My Cisco ASA license went missing right after the reboot! So here’s what I encountered and how the problem was resolved.
How to Upgrade the License on a Cisco ASA. Is simply a matter of going into global configuration mode and using the activation-key command to provide the new license key to the ASA. IOU License Generator on Github; Tagged as: asa, cisco, how-to. Image Source. I think you need to use python2 and not python3, I encountered this before and someone from a different site said to use the python2.
First of all, when you experience this message, it means that the flash file system has encountered some issues and that it is mounted as read only. This causes the ASA to be unable to write anything to flash which includes your startup-config. A copy run start will result in the above error message.
First thing you should try is to reboot the device. This should fix the issue 90% of the time. However, if you listened to Cisco and formatted your flash, you’ll notice that doesn’t fix the issue. You are still unable to write anything to disk and now you are forced to reboot. After issuing format flash The file system still appears to be loaded with the current files. Upon rebooting, you will then notice that your files have disappeared and will be unable to boot up and will be stuck with this output. Launching BootLoader.
You are now forced to boot up using rommon and load the image via tftp. Step1: Connect to the ASA firewall using a console cable. Step2: Power off the appliance and then power it on. Step3: When the appliance starts, press the Escape key on your keyboard to force the appliance to enter ROMMON mode.
Step4: In ROMMON mode, configure all necessary settings for connecting to the TFTP server to load the new image. You need to connect a PC with TFTP server on a firewall port (e.g Ethernet0/0).
Then enter the following commands on the ASA. Rommon #1 ADDRESS=192.168.1.10 rommon #2 SERVER=192.168.1.1 rommon #3 GATEWAY=192.168.1.1 rommon #4 IMAGE=asa800-232-k8.bin rommon #5 PORT=Ethernet0/0 rommon #6 tftp Once that’s complete and you have now loaded the image, you can proceed to recover and load the saved configuration file. However, that’s not the end of the story. When you format the flash, it also ERASES your Cisco ASA LICENSE KEY! This causes the ASA to default to the base level license which restricts your device to a limited number of devices, vlans and a restricted DMZ (providing you are using an ASA5505 – varies depending on setup). When you try to copy and paste your config again on to the screen you will be unable to activate more than 3 vlans. Issue a “sh ver” will confirm that.
Licensed features for this platform: Maximum Physical Interfaces: 8 VLANs: 3, DMZ Restricted Inside Hosts: 50 Failover: Disabled VPN-DES: Enabled VPN-3DES-AES: Enabled VPN Peers: 10 WebVPN Peers: 2 Dual ISPs: Disabled VLAN Trunk Ports: 0 This platform has a Base license. How to recover your Cisco ASA license? Answer: Cisco Website! So what next? You don’t remember your license key and you’re stuck in a data center scrambling to figure out what to do.
Cisco has a license key generator/recovery tool right on their website. Visit to retrieve your license Under Licenses not requiring a PAK, select click here for available licenses. Then under security products select Cisco ASA 3DES/AES license Once that’s done, fill in your device serial number which can be found by issuing the sh ver command and submit the form. Cisco will send you an email with your Cisco ASA license almost instantaneously! Then enter the activation key using the following command: pix(config)# activation-key 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e The activation key is of course different for each device and is based on the device’s serial number. Once that’s done verify that your license is no updated by issuing a sh ver. I hope this never happens again!
Remember to reboot your device next time you run into a flash problem! This should fix it majority of the time!
A very common scenario for a small business is to initially order a 10 user license and then upgrade to 50 users as the company expands. You need to order via your local Cisco representative a 10-to-50 user license upgrade. The Cisco reseller will request to have the ASA 5505 serial number of your firewall which you can find by executing the “ show version” command. After that, the Cisco reseller will provide you with a license key which is a long hexadecimal string (e.g e02888da 4ba7bed6 f1c123ae ffd8624e). To configure the new license key use the following command.