Upgrading the license on Cisco ASA 5505

Obtain the “activation” key from Cisco.

Connect to the ASA, and issue show activation-key to display information about the currently applied license.

The new activation key needs to be applied from the global configuration mode.

In the console simply type conf t to get into the global configuration mode.

Next use the activation-key [YourActivationKey] command to apply the key.

Confirm that the license was upgraded by issuing the show activation-key command again.

You’ll notice in our example that we successfully upgraded a Cisco ASA 5505 from a 10 (inside hosts) user license to a 50 (inside hosts) user license.

TCP idle connections on Cisco ASA

Users reported issues with a hosted SaaS application: after a period of inactivity (approximately 1 hour), with the application still running in the background, it stops working properly.

Default settings:

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00

Modified settings:

timeout conn 4:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

ASA# sh local-host | i xxx.xxx.xxx.xxx
local host: <xxx.xxx.xxx.xxx>,
TCP Outside xxx.xxx.xxx.xxx:23 Inside yyy.yyy.yyy.yyy:4527, idle 1:45:14, bytes 119373, flags UIO

ASA# sh conn detail | i xxx.xxx.xxx.xxx
TCP Outside:xxx.xxx.xxx.xxx/23 Inside:yyy.yyy.yyy.yyyy/4367,

Cisco ASA 5500 Series Command Reference, 8.2
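
The effect of the timeout conn change above, as an added example (not part of the original post): this Python script reads the timeout conn value and show local-host style output, then labels each TCP connection by how its idle time compares to that timeout. The sample addresses and the 80% warning threshold (warn_ratio) are assumptions constructed for illustration.

```python
import re

# Constructed sample data in the format shown above (documentation IP ranges).
DEFAULT_CFG = "timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02"
MODIFIED_CFG = "timeout conn 4:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02"
LOCAL_HOST_OUTPUT = """\
local host: <192.0.2.10>,
TCP Outside 198.51.100.7:23 Inside 192.0.2.10:4527, idle 1:45:14, bytes 119373, flags UIO
TCP Outside 198.51.100.7:443 Inside 192.0.2.10:4530, idle 0:00:12, bytes 88211, flags UIO
TCP Outside 198.51.100.9:443 Inside 192.0.2.10:4602, idle 0:52:30, bytes 4120, flags UIO
"""

CONN_RE = re.compile(
    r"^TCP\s+Outside\s+(?P<outside>\S+)\s+Inside\s+(?P<inside>[^,\s]+),"
    r"\s+idle\s+(?P<idle>\d+:\d{2}:\d{2}),\s+bytes\s+\d+,\s+flags\s+\S+",
    re.MULTILINE,
)

def hms_to_seconds(value):
    """Convert the ASA h:mm:ss notation to seconds."""
    h, m, s = (int(part) for part in value.split(":"))
    return h * 3600 + m * 60 + s

def conn_timeout_seconds(config_text):
    """Return the TCP idle timeout from a 'timeout conn h:mm:ss' line."""
    match = re.search(r"^timeout conn (\d+:\d{2}:\d{2})", config_text, re.MULTILINE)
    if match is None:
        raise ValueError("no 'timeout conn' line found")
    return hms_to_seconds(match.group(1))

def classify(output, timeout_s, warn_ratio=0.8):
    """Label each TCP connection by its idle time relative to the timeout."""
    results = []
    for m in CONN_RE.finditer(output):
        idle_s = hms_to_seconds(m.group("idle"))
        if idle_s >= timeout_s:
            state = "expired"   # idle longer than this timeout allows
        elif idle_s >= warn_ratio * timeout_s:
            state = "at-risk"   # close to being removed from the conn table
        else:
            state = "ok"
        results.append((m.group("inside"), m.group("outside"), idle_s, state))
    return results

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CFG), ("modified", MODIFIED_CFG)):
        timeout = conn_timeout_seconds(cfg)
        for inside, outside, idle_s, state in classify(LOCAL_HOST_OUTPUT, timeout):
            print(f"{label:8} {inside} -> {outside} idle={idle_s}s {state}")
```

A connection idle for 1:45:14 exceeds the default 1:00:00 value but fits within the modified 4:00:00 value, which matches the symptom reported by the users.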

Layer 2 & Layer 3 Port Channel configuration

Layer2 PortChannel

Switch2#conf t
Switch2(config)#interface range fastethernet 0/9 - 10
Switch2(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1

Switch3#conf t
Switch3(config)#int range gig 0/9 - 10
Switch3(config-if-range)#channel-gr 1 mode active
Creating a port-channel interface Port-channel 1

00:04:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/9, changed state to down
00:04:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/10, changed state to down
00:04:55: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
00:04:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/9, changed state to up
00:04:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/10, changed state to up
00:04:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

Switch3#sh int po 1 eth
Port-channel1   (Primary aggregator)

Age of the Port-channel   = 0d:00h:02m:32s
Logical slot/port   = 2/1          Number of ports = 2
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =   LACP

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Gi0/9    Active             0
  0     00     Gi0/10   Active             0

Time since last port bundled:    0d:00h:02m:30s    Gi0/10

Switch2#sh int po 1 eth
Port-channel1   (Primary aggregator)

Age of the Port-channel   = 0d:00h:03m:32s
Logical slot/port   = 2/1          Number of ports = 2
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =   LACP

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/9    Active             0
  0     00     Fa0/10   Active             0

Time since last port bundled:    0d:00h:02m:56s    Fa0/10

Switch2#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
FastEthernet0/1        unassigned      YES unset  down                  down
FastEthernet0/2        unassigned      YES unset  down                  down
FastEthernet0/3        unassigned      YES unset  down                  down
FastEthernet0/4        unassigned      YES unset  down                  down
FastEthernet0/5        unassigned      YES unset  down                  down
FastEthernet0/6        unassigned      YES unset  down                  down
FastEthernet0/7        unassigned      YES unset  down                  down
FastEthernet0/8        unassigned      YES unset  down                  down
FastEthernet0/9        unassigned      YES unset  up                    up
FastEthernet0/10       unassigned      YES unset  up                    up
FastEthernet0/11       unassigned      YES unset  down                  down
FastEthernet0/12       unassigned      YES unset  down                  down
FastEthernet0/13       unassigned      YES unset  up                    up
FastEthernet0/14       unassigned      YES unset  up                    up
FastEthernet0/15       unassigned      YES unset  down                  down
FastEthernet0/16       unassigned      YES unset  down                  down
FastEthernet0/17       unassigned      YES unset  down                  down
FastEthernet0/18       unassigned      YES unset  down                  down
FastEthernet0/19       unassigned      YES unset  down                  down
FastEthernet0/20       unassigned      YES unset  down                  down
FastEthernet0/21       unassigned      YES unset  down                  down
FastEthernet0/22       unassigned      YES unset  down                  down
FastEthernet0/23       unassigned      YES unset  down                  down
FastEthernet0/24       unassigned      YES unset  down                  down
GigabitEthernet0/1     unassigned      YES unset  down                  down
GigabitEthernet0/2     unassigned      YES unset  down                  down
Port-channel1          unassigned      YES unset  up                    up

Switch2#sh run int po 1
!
interface Port-channel1
end

Switch2#sh run int fa 0/9
!
interface FastEthernet0/9
channel-group 1 mode active
end

Layer3 PortChannel

Switch2#conf t
Switch2(config)#int ran fa0/9 - 10
Switch2(config-if-range)#no switch
Switch2(config-if-range)#channel-gr 1 mode active
Creating a port-channel interface Port-channel 1

Switch2#conf t
Switch2(config)#int po 1
Switch2(config-if)#no switch
Switch2(config-if)#ip add 1.1.1.1 255.255.255.0

Switch2(config)#ip routing

Reset Cisco router to factory defaults

Use a console cable to connect to the router’s console port.

Once you are at the router prompt, authenticate and use the write erase command to wipe the configuration files from NVRAM.

Reload the router by issuing the reload command.