I recently configured an ASA 5525-X firewall and needed to activate a security context license. I noticed there were two serial numbers: one on the chassis and another in the show version command output.
According to Cisco, the chassis serial number is tied to SmartNet, and the serial number in the show version output is used for licensing (3DES/AES, Security Context, Botnet, etc.).
Here's a link to Cisco's licensing portal (CCO login required) and a sample Product Authorization Key (PAK) or e-license sent via email. The product code for the 10 Security Context license is L-ASA-SC-10=. The 5525-X supports 2 Security Contexts by default and a maximum of 20 according to the ASA 5500-X Series matrix.
Here's the full boot-up output and default configuration of the ASA device:
Wait for the first 10 seconds for BMC initial!
Wait for the second 10 seconds for BMC initial!
Wait for the third 10 seconds for BMC initial!
Wait for the latest 10 seconds for BMC initial!
Wait for BMC initial successfully, BIOS POST ongoing!
Booting system, please wait.........
Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44
CPU Type: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2394 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:624 KB, Extended Memory:3573 MB
PCI Device Table:
Bus Dev Func VendID DevID Class IRQ
---------------------------------------------------------
00 00 00 8086 D130 Bridge Device
00 03 00 8086 D138 PCI Bridge,IRQ=11
00 05 00 8086 D13A PCI Bridge,IRQ=11
00 08 00 8086 D155 System Device
00 08 01 8086 D156 System Device
00 08 02 8086 D157 System Device
00 08 03 8086 D158 System Device
00 10 00 8086 D150 System Device
00 10 01 8086 D151 System Device
00 16 00 8086 3B64 I/O Port Device,IRQ=11
00 1A 00 8086 3B3C USB Controller,IRQ=11
00 1C 00 8086 3B42 PCI Bridge,IRQ=10
00 1C 04 8086 3B4A PCI Bridge,IRQ=10
00 1C 05 8086 3B4C PCI Bridge,IRQ=11
00 1D 00 8086 3B34 USB Controller,IRQ=7
00 1E 00 8086 244E PCI Bridge
00 1F 00 8086 3B16 Bridge Device
00 1F 02 8086 3B22 SATA DPA,IRQ=5
00 1F 03 8086 3B30 SMBus,IRQ=11
01 00 00 10B5 8618 PCI Bridge,IRQ=11
02 01 00 10B5 8618 PCI Bridge,IRQ=10
02 03 00 10B5 8618 PCI Bridge,IRQ=5
02 05 00 10B5 8618 PCI Bridge,IRQ=10
02 07 00 10B5 8618 PCI Bridge,IRQ=5
02 09 00 10B5 8618 PCI Bridge,IRQ=10
02 0B 00 10B5 8618 PCI Bridge,IRQ=5
02 0D 00 10B5 8618 PCI Bridge,IRQ=10
02 0F 00 10B5 8618 PCI Bridge,IRQ=5
03 00 00 8086 10D3 Ethernet,IRQ=10
04 00 00 8086 10D3 Ethernet,IRQ=5
05 00 00 8086 10D3 Ethernet,IRQ=10
06 00 00 8086 10D3 Ethernet,IRQ=5
07 00 00 8086 10D3 Ethernet,IRQ=10
08 00 00 8086 10D3 Ethernet,IRQ=5
09 00 00 8086 10D3 Ethernet,IRQ=10
0A 00 00 8086 10D3 Ethernet,IRQ=5
0B 00 00 10B5 8624 PCI Bridge,IRQ=11
0C 04 00 10B5 8624 PCI Bridge,IRQ=11
0C 05 00 10B5 8624 PCI Bridge,IRQ=10
0C 08 00 10B5 8624 PCI Bridge,IRQ=11
0C 09 00 10B5 8624 PCI Bridge,IRQ=10
0F 00 00 1000 0A05 Processor,IRQ=11
11 00 00 177D 0010 Cavium Encryption,IRQ=11
12 00 00 8086 10D3 Ethernet,IRQ=11
13 00 00 1A03 1150 PCI Bridge,IRQ=10
14 00 00 1A03 2000 VGA,IRQ=10
FF 00 00 8086 2C50 Bridge Device
FF 00 01 8086 2C81 Bridge Device
FF 02 00 8086 2C90 Bridge Device
FF 02 01 8086 2C91 Bridge Device
FF 03 00 8086 2C98 Bridge Device
FF 03 01 8086 2C99 Bridge Device
FF 03 02 8086 2C9A Bridge Device
FF 03 04 8086 2C9C Bridge Device
FF 04 00 8086 2CA0 Bridge Device
FF 04 01 8086 2CA1 Bridge Device
FF 04 02 8086 2CA2 Bridge Device
FF 04 03 8086 2CA3 Bridge Device
FF 05 00 8086 2CA8 Bridge Device
FF 05 01 8086 2CA9 Bridge Device
FF 05 02 8086 2CAA Bridge Device
FF 05 03 8086 2CAB Bridge Device
Booting from ROMMON
Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa861-2-smp-k8.bin... Booting...
Platform ASA5525
Loading...
IO memory blocks requested from bigphys 32bit: 61984
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/sda1: 118 files, 20472/1951812 clusters
dosfsck(/dev/sda1) returned 0
Processor memory 3512373248, Reserved memory: 0
Total NICs found: 13
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 08 MAC: 7426.ac5a.debf
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 07 MAC: 7426.ac5a.dec3
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 06 MAC: 7426.ac5a.debe
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 05 MAC: 7426.ac5a.dec2
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 04 MAC: 7426.ac5a.debd
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 03 MAC: 7426.ac5a.dec1
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 02 MAC: 7426.ac5a.debc
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 01 MAC: 7426.ac5a.dec0
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: 7426.ac5a.debb
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-0014
IPSec microcode : CNPx-MC-IPSEC-MAIN-0014
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x2c30cf45 0x4cc17a85 0xb9137dd4 0xf418e86c 0x493abcdef
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Cisco Adaptive Security Appliance Software Version 8.6(1)2
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2012 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!.
Cryptochecksum (unchanged): 71d9aac2 22d7123c d5cac894 e118f10c
Type help or '?' for a list of available commands.
ciscoasa> enable
Password:
ciscoasa# show running-config
: Saved
:
ASA Version 8.6(1)2
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:71d9aac222d7123cd5cac894e118f10c
: end
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 8.6(1)2
Device Manager Version 6.6(1)
Compiled on Fri 01-Jun-12 02:16 by builders
System image file is "disk0:/asa861-2-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 mins 17 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 4096MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-0014
IPSec microcode : CNPx-MC-IPSEC-MAIN-0014
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is 7426.ac5a.debb, irq 11
1: Ext: GigabitEthernet0/0 : address is 7426.ac5a.dec0, irq 5
2: Ext: GigabitEthernet0/1 : address is 7426.ac5a.debc, irq 5
3: Ext: GigabitEthernet0/2 : address is 7426.ac5a.dec1, irq 10
4: Ext: GigabitEthernet0/3 : address is 7426.ac5a.debd, irq 10
5: Ext: GigabitEthernet0/4 : address is 7426.ac5a.dec2, irq 5
6: Ext: GigabitEthernet0/5 : address is 7426.ac5a.debe, irq 5
7: Ext: GigabitEthernet0/6 : address is 7426.ac5a.dec3, irq 10
8: Ext: GigabitEthernet0/7 : address is 7426.ac5a.debf, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is 7426.ac5a.debb, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH18xxxxxx // LOWER LEFT SERIAL NUMBER ON THE CHASSIS, USED FOR LICENSING PORTAL
Running Permanent Activation Key: 0x2c30cf45 0x4cc17a85 0xb9137dd4 0xf418e86c 0x493cc5ac
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC"
PID: ASA5525 , VID: V02 , SN: FGL18xxxxxx // RIGHT SIDE SERIAL NUMBER ON THE CHASSIS, USED FOR SMARTNET
ciscoasa# activation-key ?
<0x0-0xffffffff> Enter four-or-five-tuple activation-key
noconfirm Do not prompt for confirmation
ciscoasa# activation-key c22ecd45 78ac555a a9637128 fe9838f8 0e1abcde // SECURITY CONTEXT LICENSE KEY, GENERATED FROM CISCO LICENSING PORTAL AND IT'S TIED TO THE 'SHOW VERSION' SERIAL NUMBER
Validating activation key. This may take a few minutes...
Both Running and Flash permanent activation key was updated with the requested key.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 8.6(1)2
Device Manager Version 6.6(1)
Compiled on Fri 01-Jun-12 02:16 by builders
System image file is "disk0:/asa861-2-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 8 mins 35 secs
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 4096MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-0014
IPSec microcode : CNPx-MC-IPSEC-MAIN-0014
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is 7426.ac5a.debb, irq 11
1: Ext: GigabitEthernet0/0 : address is 7426.ac5a.dec0, irq 5
2: Ext: GigabitEthernet0/1 : address is 7426.ac5a.debc, irq 5
3: Ext: GigabitEthernet0/2 : address is 7426.ac5a.dec1, irq 10
4: Ext: GigabitEthernet0/3 : address is 7426.ac5a.debd, irq 10
5: Ext: GigabitEthernet0/4 : address is 7426.ac5a.dec2, irq 5
6: Ext: GigabitEthernet0/5 : address is 7426.ac5a.debe, irq 5
7: Ext: GigabitEthernet0/6 : address is 7426.ac5a.dec3, irq 10
8: Ext: GigabitEthernet0/7 : address is 7426.ac5a.debf, irq 10
9: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
12: Ext: Management0/0 : address is 7426.ac5a.debb, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 10 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH18xxxxxx
Running Permanent Activation Key: 0xc22ecd45 0x78ac555a 0xa9637128 0xfe9838f8 0x493cc5ac
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# configure terminal
ciscoasa(config)# mode ?
configure mode commands/options:
multiple Multiple mode; mode with security contexts
noconfirm Do not prompt for confirmation
single Single mode; mode without security contexts
ciscoasa(config)# mode multiple // ASA WILL AUTO REBOOT AFTERWARDS
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
Converting the configuration - this may take several minutes for a large configuration
The admin context configuration will be written to flash
The new running configuration file was written to flash
Security context mode: multiple
***
*** --- SHUTDOWN NOW ---
***
*** Message to all terminals:
***
*** change mode
Process shutdown finished
<OUTPUT TRUNCATED>
ciscoasa# show mode
Security context mode: multiple
ciscoasa# show running-config
: Saved
:
ASA Version 8.6(1)2 <system>
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface GigabitEthernet0/3
shutdown
!
interface GigabitEthernet0/4
shutdown
!
interface GigabitEthernet0/5
shutdown
!
interface GigabitEthernet0/6
shutdown
!
interface GigabitEthernet0/7
shutdown
!
interface Management0/0
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
pager lines 24
no failover
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
console timeout 0
admin-context admin
context admin // DEFAULT CONTEXT
allocate-interface Management0/0
config-url disk0:/admin.cfg
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:9cfa9a9c0ce42750fb12f071b3459f3d
: end
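To check the result of an activation without reading two long outputs by eye, the script below (an added example, not part of the original post and not a Cisco tool) parses saved "show version" and "show inventory" text, separates the licensing serial from the chassis serial, and reports which licensed features changed. The function names are hypothetical and the sample text is constructed by abridging the output above, keeping the masked serials and the // annotations.

```python
import re

# Constructed samples, abridged from the output shown on this page.
BEFORE = """\
ciscoasa# show version
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
 1: Ext: GigabitEthernet0/0 : address is 7426.ac5a.dec0, irq 5
Licensed features for this platform:
Maximum VLANs : 200 perpetual
Failover : Active/Active perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH18xxxxxx // LOWER LEFT SERIAL NUMBER ON THE CHASSIS
Running Permanent Activation Key: 0x2c30cf45 0x4cc17a85 0xb9137dd4 0xf418e86c 0x493cc5ac
"""

AFTER = BEFORE.replace("Security Contexts : 2 ", "Security Contexts : 10 ").replace(
    "0x2c30cf45 0x4cc17a85 0xb9137dd4 0xf418e86c",
    "0xc22ecd45 0x78ac555a 0xa9637128 0xfe9838f8",
)

INVENTORY = """\
ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC"
PID: ASA5525 , VID: V02 , SN: FGL18xxxxxx // RIGHT SIDE SERIAL NUMBER
"""

# "<feature name> : <value> <term>", only valid inside the licensed-features table.
FEATURE_RE = re.compile(r"^(?P<name>.+?)\s*:\s+(?P<value>\S+)\s+(?P<term>.+)$")
# Inline "// ..." notes like the ones added to the output on this page.
NOTE_RE = re.compile(r"\s+//.*$")


def _clean(line):
    """Drop a trailing // annotation and surrounding whitespace."""
    return NOTE_RE.sub("", line).strip()


def parse_show_version(text):
    """Return the licensing serial, activation key and licensed features."""
    info = {"serial": None, "activation_key": None, "features": {}}
    in_features = False
    for raw in text.splitlines():
        line = _clean(raw)
        if line.startswith("Licensed features for this platform"):
            in_features = True
        elif line.startswith("This platform has"):
            in_features = False
        elif in_features:
            # Interface and hardware lines also contain " : ", so features
            # are only read between the two marker lines above.
            m = FEATURE_RE.match(line)
            if m:
                info["features"][m["name"]] = (m["value"], m["term"])
        elif line.startswith("Serial Number:"):
            info["serial"] = line.split(":", 1)[1].strip()
        elif line.startswith("Running Permanent Activation Key:"):
            info["activation_key"] = tuple(line.split(":", 1)[1].split())
    return info


def parse_inventory_serial(text):
    """Return the chassis SN from 'show inventory' (the SmartNet serial)."""
    for raw in text.splitlines():
        m = re.search(r"\bSN:\s*(\S+)", _clean(raw))
        if m:
            return m.group(1)
    return None


def license_change(before_text, after_text):
    """Compare two 'show version' captures taken around an activation."""
    before = parse_show_version(before_text)
    after = parse_show_version(after_text)
    if before["serial"] is None or before["serial"] != after["serial"]:
        # The key is tied to this serial, so both captures must match.
        raise ValueError("captures are not from the same licensing serial")
    changed = {
        name: (before["features"].get(name), value)
        for name, value in after["features"].items()
        if before["features"].get(name) != value
    }
    return {
        "licensing_serial": after["serial"],
        "key_changed": before["activation_key"] != after["activation_key"],
        "changed": changed,
    }


if __name__ == "__main__":
    report = license_change(BEFORE, AFTER)
    print("Licensing portal serial:", report["licensing_serial"])
    print("SmartNet (chassis) serial:", parse_inventory_serial(INVENTORY))
    for name, (old, new) in report["changed"].items():
        print(f"{name}: {old} -> {new}")
```

Any feature that changes other than the one you licensed is worth investigating before the device goes into service.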
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH18xxxxxx
Running Permanent Activation Key: 0xc22ecd45 0x78ac555a 0xa9637128 0xfe9838f8 0x493cc5ac
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# configure terminal
ciscoasa(config)# mode ?
configure mode commands/options:
multiple Multiple mode; mode with security contexts
noconfirm Do not prompt for confirmation
single Single mode; mode without security contexts
ciscoasa(config)# mode multiple // ASA WILL AUTO REBOOT AFTERWARDS
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
!
The old running configuration file will be written to flash
Converting the configuration - this may take several minutes for a large configuration
The admin context configuration will be written to flash
The new running configuration file was written to flash
Security context mode: multiple
***
*** --- SHUTDOWN NOW ---
***
*** Message to all terminals:
***
*** change mode
Process shutdown finished
<OUTPUT TRUNCATED>
ciscoasa# show mode
Security context mode: multiple
ciscoasa# show running-config
: Saved
:
ASA Version 8.6(1)2 <system>
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface GigabitEthernet0/3
shutdown
!
interface GigabitEthernet0/4
shutdown
!
interface GigabitEthernet0/5
shutdown
!
interface GigabitEthernet0/6
shutdown
!
interface GigabitEthernet0/7
shutdown
!
interface Management0/0
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
pager lines 24
no failover
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
console timeout 0
admin-context admin
context admin // DEFAULT CONTEXT
allocate-interface Management0/0
config-url disk0:/admin.cfg
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:9cfa9a9c0ce42750fb12f071b3459f3d
: end
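As an added example (not part of the original post): a small Python check that diffs the "Licensed features" table between the two show version outputs above, so that any feature other than Security Contexts changing after the new activation key is applied stands out. The sample text is a constructed excerpt using values from the post, and the function names are assumptions made for this illustration.

```python
import re

# Constructed excerpt modelled on the first 'show version' output in the post
# (a few feature rows only; values as shown there).
BEFORE = """\
Licensed features for this platform:
Maximum VLANs : 200 perpetual
Failover : Active/Active perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
This platform has an ASA5525 VPN Premium license.
Serial Number: FCH18xxxxxx
"""
# Constructed 'after' text: same table with the context count from the post.
AFTER = BEFORE.replace("Security Contexts : 2 ", "Security Contexts : 10 ")

ROW = re.compile(r"^(?P<name>.+?)\s+:\s+(?P<value>\S+)\s+(?P<term>.+)$")

def parse_licensed_features(show_version):
    """Return {feature: (value, term)} from the 'Licensed features' table."""
    features, in_table = {}, False
    for line in show_version.splitlines():
        line = line.strip()
        if line.startswith("Licensed features for this platform"):
            in_table = True
        elif in_table and line:
            m = ROW.match(line)
            if not m:  # first non-row line ("This platform has ...") ends the table
                break
            features[m["name"]] = (m["value"], m["term"])
    return features

def diff_features(before, after):
    """Return {feature: (old, new)} for every row that differs."""
    old, new = parse_licensed_features(before), parse_licensed_features(after)
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}

def unexpected_changes(before, after, expected):
    """Features that changed but are not in the set the new key should touch."""
    return sorted(set(diff_features(before, after)) - set(expected))

def serial_number(show_version):
    """Serial from 'show version' (the one the post says licensing is tied to)."""
    m = re.search(r"^Serial Number:\s*(\S+)", show_version, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    print(diff_features(BEFORE, AFTER))
    print(unexpected_changes(BEFORE, AFTER, {"Security Contexts"}))
```

Feed it the full captured outputs taken before and after `activation-key`; an empty list from `unexpected_changes` means only the intended feature moved.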