Thursday, April 24, 2014

Cisco ASA: How To License The IPS Module

For the IPS module in the ASA, I had to go to the to get the license off the Cisco licensing site.  Not a big deal, you just have to know the process.  Here it is:
1. Verify the current software version your IPS module is running.  You can do this by running a “show module” command.
2. Go to  Log in using your username and password.
3. Click on the “Get New” tab and select “Crypto, IPS and Other Licenses”
4. Select Security products and choose between:
• Cisco Services for IPS service license (Version 6.1 and later) 
• Cisco Services for IPS service license (Version 6.0.x and earlier)
5. Choose your device
6. Specify any required information on the following screen.
7. Check to confirm that you agree to theLicense agreement and specify email addresses where you would like the licenses to be sent.  
8. Click “Get license”.  The license will be emailed within an hour to the specified email addresses.

Now that I have the license, here is how I got it on the IPS module.  Remember, you have to have an IP address on the module already.  You can follow THIS LINK to find out how to get an IP on your module for this.
Turn on your FTP server on your laptop.  Now take a look below.

sensor# copy ftp://shane@ license-key
Password: *****
sensor# sh ver
Application Partition:

Cisco Intrusion Prevention System, Version 6.0(6)E4

    Realm Keys          key1.0
Signature Definition:
    Signature Update    S480.0                   2010-03-24
OS Version:             2.4.30-IDS-smp-bigphys
Platform:               ASA-SSM-10
Serial Number:          JADXXXXXX
Licensed, expires:      24-Mar-2015 UTC
Sensor up-time is 24 days.
Using 659283968 out of 1032499200 bytes of available memory (63% usage)
application-data is using 39.8M out of 166.8M bytes of available disk space (25% usage)
boot is using 37.8M out of 68.6M bytes of available disk space (58% usage)

MainApp          N-NUBRA_2009_JUL_15_01_10_6_0_5_57    (Ipsbuild)   2009-07-15T01:15:08-0500   Running
AnalysisEngine   NE-NUBRA_E4_2010_MAR_24_22_44_6_0_6   (Ipsbuild)   2010-03-24T22:47:53-0500   Running
CLI              N-NUBRA_2009_JUL_15_01_10_6_0_5_57    (Ipsbuild)   2009-07-15T01:15:08-0500

Upgrade History:

  IPS-K9-6.0-6-E4   00:14:06 UTC Thu Mar 25 2010

Recovery Partition Version 1.1 - 6.0(6)E4


1 comment:

  1. Does it require any module reload or I can apply licence during work-hours? Also, it looks like it applied automatically, correct? Mean there's no command to activate licence, just upload it to module?


Your comment will be reviewed for approval. Thank you for submitting your comments.