正常情况下,用GNS3模拟ASA8.4,模拟出来的系统failover、VPN-DES、VPN-3DES-AES功能是disabled的。需要用liences激活,激活过程如下:

show ver可以看到没激活的功能:

ciscoasa(config)# show ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is “Unknown, monitor mode tftp booted image”
Config file at boot was “startup-config”

ciscoasa up 1 hour 13 mins

Hardware: ASA 5520, 512 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB
0: Ext: GigabitEthernet0 : address is 0000.aba3.be00, irq 0
1: Ext: GigabitEthernet1 : address is 0000.aba3.be01, irq 0
2: Ext: GigabitEthernet2 : address is 0000.aba3.be02, irq 0
3: Ext: GigabitEthernet3 : address is 0000.aba3.be03, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration last modified by enable_15 at 08:15:56.899 UTC Mon Feb 29 2016

 

进入config模式,输入license

ciscoasa(config)# activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0$
Validating activation key. This may take a few minutes…
Failed to retrieve permanent activation key.
Failover is different.
running permanent activation key: Restricted(R)
new permanent activation key: Unrestricted(UR)
WARNING: The running activation key was not updated with the requested key.
Proceed with update flash activation key? [confirm]
The flash permanent activation key was updated with the requested key,
and will become active after the next reload.
ciscoasa(config)# activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0$
Validating activation key. This may take a few minutes…
Failover is different.
running permanent activation key: Restricted(R)
new permanent activation key: Unrestricted(UR)
WARNING: The running activation key was not updated with the requested key.
Proceed with update flash activation key? [confirm]
The flash permanent activation key was updated with the requested key,
and will become active after the next reload.
ciscoasa(config)# reload

重启之后:

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is “Unknown, monitor mode tftp booted image”
Config file at boot was “startup-config”

ciscoasa up 11 secs

Hardware: ASA 5520, 512 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB
0: Ext: GigabitEthernet0 : address is 0000.ab2c.3a00, irq 0
1: Ext: GigabitEthernet1 : address is 0000.ab2c.3a01, irq 0
2: Ext: GigabitEthernet2 : address is 0000.ab2c.3a02, irq 0
3: Ext: GigabitEthernet3 : address is 0000.ab2c.3a03, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 10 perpetual
Total UC Proxy Sessions : 10 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Enabled perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
Configuration register is 0x0
Configuration has not been modified since last system restart.
ciscoasa#

已激活

下面是两个license:

用这两条命令分两次激活,第一次很快,第二次很慢,估计需要六七分钟。

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6