Cisco ASA 5585 with firepower upgrade 升级 配置证书
想简单描述一下,但看着长,还是把过程都写上吧,记性不好,以后忘了,更重要的是过程记录这原理也许会对以后理解有很大帮助,可以看看。
如果想急功近利立刻就好,那么黑体字都不超过15句,照着做应该能完成升级
CISCO ASA 5585 with firepower 升版本分为两部分,因为asa防火墙分为asa的底层系统 和 firepower 服务,所以分别升级
第一步,最简单的,升级asa防火墙固件,和asdm,如果你是8.x版本,那么要参照这个列表http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/upgrade/upgrade96.html按步骤升级,
第二步,升级firepower服务(此步骤另说)
也许你看到了FX-OS,那个是给firepower 4000/9000用的,asa5500系列用不了硬件,FX-OS可能是连底层系统和firepower服务一体的操作系统,以后会是firepower的防火墙和FX-OS的系统
ciscoasa# dir ###查看目录
Directory of disk0:/
21 drwx 32768 00:34:46 Apr 02 2016 coredumpinfo
145 -rwx 52457472 00:36:28 Apr 02 2016 asa922-4-smp-k8.bin
146 -rwx 24070880 00:37:04 Apr 02 2016 asdm-7221.bin
147 -rwx 65536 00:00:00 Jan 01 1980 FSCK0000.REC
10 drwx 32768 00:41:54 Apr 02 2016 log
20 drwx 32768 00:42:50 Apr 02 2016 crypto_archive
149 -rwx 65536 00:00:00 Jan 01 1980 FSCK0001.REC
150 -rwx 12998641 00:43:10 Apr 02 2016 csd_3.5.2008-k9.pkg
151 drwx 32768 00:43:10 Apr 02 2016 sdesktop
152 -rwx 6487517 00:43:12 Apr 02 2016 anyconnect-macosx-i386-2.5.2014-k9.pkg
153 -rwx 6689498 00:43:12 Apr 02 2016 anyconnect-linux-2.5.2014-k9.pkg
154 -rwx 4678691 00:43:14 Apr 02 2016 anyconnect-win-2.5.2014-k9.pkg
155 -rwx 32768 00:00:00 Jan 01 1980 FSCK0002.REC
156 -rwx 32768 00:00:00 Jan 01 1980 FSCK0003.REC
157 -rwx 32768 00:00:00 Jan 01 1980 FSCK0004.REC
158 -rwx 32768 00:00:00 Jan 01 1980 FSCK0005.REC
159 -rwx 32768 00:00:00 Jan 01 1980 FSCK0006.REC
160 -rwx 32768 00:00:00 Jan 01 1980 FSCK0007.REC
161 -rwx 32768 00:00:00 Jan 01 1980 FSCK0008.REC
162 -rwx 32768 00:00:00 Jan 01 1980 FSCK0009.REC
163 -rwx 32768 00:00:00 Jan 01 1980 FSCK0010.REC
164 -rwx 32768 00:00:00 Jan 01 1980 FSCK0011.REC
165 -rwx 65536 00:00:00 Jan 01 1980 FSCK0012.REC
166 -rwx 65536 00:00:00 Jan 01 1980 FSCK0013.REC
167 -rwx 65536 00:00:00 Jan 01 1980 FSCK0014.REC
168 -rwx 32768 00:00:00 Jan 01 1980 FSCK0015.REC
169 -rwx 32768 00:00:00 Jan 01 1980 FSCK0016.REC
170 -rwx 32768 00:00:00 Jan 01 1980 FSCK0017.REC
171 -rwx 32768 00:00:00 Jan 01 1980 FSCK0018.REC
172 -rwx 32768 00:00:00 Jan 01 1980 FSCK0019.REC
2007171072 bytes total (1897070592 bytes free)
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Device Manager Version 7.2(2)1
Compiled on Tue 29-Jul-14 23:41 PDT by builders
System p_w_picpath file is "disk0:/asa922-4-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 days 4 hours
Hardware: ASA5585-SSP-20, 12288 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash S25FL032P @ 0x0, 4096KB
Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 2
Programmable device : Cisco CPLD revision 0x8
0: Int: Internal-Data0/0 : address is 0000.0001.0001, irq 5
2: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 10
5: Ext: Management0/0 : address is 70e4.22ce.dc20, irq 10
6: Ext: Management0/1 : address is 70e4.22ce.dc21, irq 5
28: Ext: GigabitEthernet0/0 : address is 70e4.22ce.dc22, irq 255
29: Ext: GigabitEthernet0/1 : address is 70e4.22ce.dc23, irq 255
30: Ext: GigabitEthernet0/2 : address is 70e4.22ce.dc24, irq 255
31: Ext: GigabitEthernet0/3 : address is 70e4.22ce.dc25, irq 255
32: Ext: GigabitEthernet0/4 : address is 70e4.22ce.dc26, irq 255
33: Ext: GigabitEthernet0/5 : address is 70e4.22ce.dc27, irq 255
34: Ext: GigabitEthernet0/6 : address is 70e4.22ce.dc28, irq 255
35: Ext: GigabitEthernet0/7 : address is 70e4.22ce.dc29, irq 255
36: Ext: TenGigabitEthernet0/8: address is 70e4.22ce.dc2a, irq 255
37: Ext: TenGigabitEthernet0/9: address is 70e4.22ce.dc2b, irq 255
38: Int: Internal-Data0/2 : address is 0000.0100.0027, irq 255
39: Int: Internal-Data0/3 : address is 0000.0100.0028, irq 255
40: Int: Internal-Data0/4 : address is 0000.0100.0029, irq 255
41: Int: Internal-Data0/5 : address is 0000.0100.002a, irq 255
42: Int: Internal-Data0/6 : address is 0000.0100.002b, irq 255
43: Int: Internal-Data0/7 : address is 0000.0100.002c, irq 255
44: Int: Internal-Data0/8 : address is 0000.0100.002d, irq 255
45: Int: Internal-Data0/9 : address is 0000.0100.002e, irq 255
46: Ext: GigabitEthernet1/0 : address is 70e4.22ce.db56, irq 255
47: Ext: GigabitEthernet1/1 : address is 70e4.22ce.db57, irq 255
48: Ext: GigabitEthernet1/2 : address is 70e4.22ce.db58, irq 255
49: Ext: GigabitEthernet1/3 : address is 70e4.22ce.db59, irq 255
50: Ext: GigabitEthernet1/4 : address is 70e4.22ce.db5a, irq 255
51: Ext: GigabitEthernet1/5 : address is 70e4.22ce.db5b, irq 255
52: Ext: GigabitEthernet1/6 : address is 70e4.22ce.db5c, irq 255
53: Ext: GigabitEthernet1/7 : address is 70e4.22ce.db5d, irq 255
54: Ext: TenGigabitEthernet1/8: address is 70e4.22ce.db5e, irq 255
55: Ext: TenGigabitEthernet1/9: address is 70e4.22ce.db5f, irq 255
56: Int: Internal-Data1/0 : address is 0100.0100.0039, irq 255
57: Int: Internal-Data1/1 : address is 0100.0100.003a, irq 255
58: Int: Internal-Data1/2 : address is 0100.0100.003b, irq 255
59: Int: Internal-Data1/3 : address is 0100.0100.003c, irq 255
60: Int: Internal-Data1/4 : address is 0100.0100.003d, irq 255
61: Int: Internal-Data1/5 : address is 0100.0100.003e, irq 255
62: Int: Internal-Data1/6 : address is 0100.0100.003f, irq 255
63: Int: Internal-Data1/7 : address is 0100.0100.0040, irq 255
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other ××× Peers : 10000 perpetual
Total ××× Peers : 10000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco ××× Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Enabled perpetual
This platform has an ASA5585-SSP-20 ××× Premium license.
Serial Number: JAD201202ME
Running Permanent Activation Key: 0x9306f871 0x5005cd26 0xfd808568 0xe0c8544c 0x8113d59a
Configuration register is 0x1
Configuration last modified by enable_15 at 21:17:58.339 UTC Thu Jan 19 2017
ciscoasa# copy tftp: disk0:/
Address or name of remote host []? 10.208.224.8
Source filename []? asa962-7-smp-k8.bin
Destination filename [asa962-7-smp-k8.bin]?
Accessing tftp://10.208.224.8/asa962-7-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa962-7-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
89874432 bytes copied in 173.680 secs (519505 bytes/sec)
ciscoasa# copy tftp: disk0:/
Address or name of remote host [10.208.224.8]?
Source filename [asa962-7-smp-k8.bin]? asdm-762-150.bin
Destination filename [asdm-762-150.bin]?
Accessing tftp://10.208.224.8/asdm-762-150.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asdm-762-150.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
26053720 bytes copied in 47.40 secs (554334 bytes/sec)
ciscoasa# dir
Directory of disk0:/
21 drwx 32768 00:34:46 Apr 02 2016 coredumpinfo
145 -rwx 52457472 00:36:28 Apr 02 2016 asa922-4-smp-k8.bin
146 -rwx 24070880 00:37:04 Apr 02 2016 asdm-7221.bin
147 -rwx 65536 00:00:00 Jan 01 1980 FSCK0000.REC
10 drwx 32768 00:41:54 Apr 02 2016 log
20 drwx 32768 00:42:50 Apr 02 2016 crypto_archive
149 -rwx 65536 00:00:00 Jan 01 1980 FSCK0001.REC
150 -rwx 12998641 00:43:10 Apr 02 2016 csd_3.5.2008-k9.pkg
151 drwx 32768 00:43:10 Apr 02 2016 sdesktop
152 -rwx 6487517 00:43:12 Apr 02 2016 anyconnect-macosx-i386-2.5.2014-k9.pkg
153 -rwx 6689498 00:43:12 Apr 02 2016 anyconnect-linux-2.5.2014-k9.pkg
154 -rwx 4678691 00:43:14 Apr 02 2016 anyconnect-win-2.5.2014-k9.pkg
155 -rwx 32768 00:00:00 Jan 01 1980 FSCK0002.REC
156 -rwx 32768 00:00:00 Jan 01 1980 FSCK0003.REC
157 -rwx 32768 00:00:00 Jan 01 1980 FSCK0004.REC
158 -rwx 32768 00:00:00 Jan 01 1980 FSCK0005.REC
159 -rwx 32768 00:00:00 Jan 01 1980 FSCK0006.REC
160 -rwx 32768 00:00:00 Jan 01 1980 FSCK0007.REC
161 -rwx 32768 00:00:00 Jan 01 1980 FSCK0008.REC
162 -rwx 32768 00:00:00 Jan 01 1980 FSCK0009.REC
163 -rwx 32768 00:00:00 Jan 01 1980 FSCK0010.REC
164 -rwx 32768 00:00:00 Jan 01 1980 FSCK0011.REC
165 -rwx 65536 00:00:00 Jan 01 1980 FSCK0012.REC
166 -rwx 65536 00:00:00 Jan 01 1980 FSCK0013.REC
167 -rwx 65536 00:00:00 Jan 01 1980 FSCK0014.REC
168 -rwx 32768 00:00:00 Jan 01 1980 FSCK0015.REC
169 -rwx 32768 00:00:00 Jan 01 1980 FSCK0016.REC
170 -rwx 32768 00:00:00 Jan 01 1980 FSCK0017.REC
171 -rwx 32768 00:00:00 Jan 01 1980 FSCK0018.REC
172 -rwx 32768 00:00:00 Jan 01 1980 FSCK0019.REC
175 -rwx 89874432 02:04:21 Jan 23 2017 asa962-7-smp-k8.bin
176 -rwx 26053720 02:05:30 Jan 23 2017 asdm-762-150.bin
2007171072 bytes total (1781104640 bytes free)
ciscoasa(config)# sh bootvar
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# boot system disk0:/asa962-7-smp-k8.bin ###设置system 启动文件
ciscoasa(config)# asdm p_w_picpath disk0:/asdm-762-150.bin ###设置p_w_picpath启动文件
ciscoasa# wr ###保存配置
Building configuration...
Cryptochecksum: f8ce634e c16b2a92 153017f3 2b0db929
4988 bytes copied in 1.430 secs (4988 bytes/sec)
[OK]
ciscoasa# sh bootvar
BOOT variable = disk0:/asa962-7-smp-k8.bin
Current BOOT variable = disk0:/asa962-7-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# reload
Proceed with reload? [confirm] ###重启
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
ciscoasa(config)# sh bootvar
BOOT variable = disk0:/asa962-7-smp-k8.bin
Current BOOT variable = disk0:/asa962-7-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# sh ver ###核对版本
Cisco Adaptive Security Appliance Software Version 9.6(2)7
Device Manager Version 7.6(2)150
Compiled on Mon 05-Dec-16 12:22 PST by builders
System p_w_picpath file is "disk0:/asa962-7-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 4 mins 17 secs
Hardware: ASA5585-SSP-20, 12029 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash S25FL032P @ 0x0, 4096KB
Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 2
Programmable device : Cisco CPLD revision 0x8
0: Int: Internal-Data0/0 : address is 0000.0001.0001, irq 5
最后申请个license,因为要用cluster功能,得去申请,以前低端的好像自己就能申请,去cisco官网/go/license get other licenses --》 IPS,Crypto,Other --》cisco asa 3des/aes license,输入序列号下一步即可
可是这次的5585可能比5515 5525高端,在go/license里申请了,无效,好多功能还是没有开启,是有cisco给申请了,开个case吧,license就是一组绑了序列号等的校验密码组,收到后activation-key一下就ok了,一般不用重启。
如下,以其中一台为例:
ciscoasa# sh version ###查看版本
Cisco Adaptive Security Appliance Software Version 9.6(2)7
Device Manager Version 7.6(2)150
Compiled on Mon 05-Dec-16 12:22 PST by builders
System p_w_picpath file is "disk0:/asa962-7-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 day 4 hours
Hardware: ASA5585-SSP-20, 12029 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash S25FL032P @ 0x0, 4096KB
Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 2
Programmable device : Cisco CPLD revision 0x8
0: Int: Internal-Data0/0 : address is 0000.0001.0001, irq 5
2: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 10
5: Ext: Management0/0 : address is 0078.8805.4b2c, irq 10
6: Ext: Management0/1 : address is 0078.8805.4b2d, irq 5
28: Ext: GigabitEthernet0/0 : address is 0078.8805.4b2e, irq 255
29: Ext: GigabitEthernet0/1 : address is 0078.8805.4b2f, irq 255
30: Ext: GigabitEthernet0/2 : address is 0078.8805.4b30, irq 255
31: Ext: GigabitEthernet0/3 : address is 0078.8805.4b31, irq 255
32: Ext: GigabitEthernet0/4 : address is 0078.8805.4b32, irq 255
33: Ext: GigabitEthernet0/5 : address is 0078.8805.4b33, irq 255
34: Ext: GigabitEthernet0/6 : address is 0078.8805.4b34, irq 255
35: Ext: GigabitEthernet0/7 : address is 0078.8805.4b35, irq 255
36: Ext: TenGigabitEthernet0/8: address is 0078.8805.4b36, irq 255
37: Ext: TenGigabitEthernet0/9: address is 0078.8805.4b37, irq 255
38: Int: Internal-Data0/2 : address is 0000.0100.0027, irq 255
39: Int: Internal-Data0/3 : address is 0000.0100.0028, irq 255
40: Int: Internal-Data0/4 : address is 0000.0100.0029, irq 255
41: Int: Internal-Data0/5 : address is 0000.0100.002a, irq 255
42: Int: Internal-Data0/6 : address is 0000.0100.002b, irq 255
43: Int: Internal-Data0/7 : address is 0000.0100.002c, irq 255
44: Int: Internal-Data0/8 : address is 0000.0100.002d, irq 255
45: Int: Internal-Data0/9 : address is 0000.0100.002e, irq 255
46: Ext: GigabitEthernet1/0 : address is 0078.8805.4c1e, irq 255
47: Ext: GigabitEthernet1/1 : address is 0078.8805.4c1f, irq 255
48: Ext: GigabitEthernet1/2 : address is 0078.8805.4c20, irq 255
49: Ext: GigabitEthernet1/3 : address is 0078.8805.4c21, irq 255
50: Ext: GigabitEthernet1/4 : address is 0078.8805.4c22, irq 255
51: Ext: GigabitEthernet1/5 : address is 0078.8805.4c23, irq 255
52: Ext: GigabitEthernet1/6 : address is 0078.8805.4c24, irq 255
53: Ext: GigabitEthernet1/7 : address is 0078.8805.4c25, irq 255
54: Ext: TenGigabitEthernet1/8: address is 0078.8805.4c26, irq 255
55: Ext: TenGigabitEthernet1/9: address is 0078.8805.4c27, irq 255
56: Int: Internal-Data1/0 : address is 0100.0100.0039, irq 255
57: Int: Internal-Data1/1 : address is 0100.0100.003a, irq 255
58: Int: Internal-Data1/2 : address is 0100.0100.003b, irq 255
59: Int: Internal-Data1/3 : address is 0100.0100.003c, irq 255
60: Int: Internal-Data1/4 : address is 0100.0100.003d, irq 255
61: Int: Internal-Data1/5 : address is 0100.0100.003e, irq 255
62: Int: Internal-Data1/6 : address is 0100.0100.003f, irq 255
63: Int: Internal-Data1/7 : address is 0100.0100.0040, irq 255
Licensed features for this platform: ###各种所需功能
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other ××× Peers : 10000 perpetual
Total ××× Peers : 10000 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco ××× Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5585-SSP-20 ××× Premium license.
Serial Number: JAD201202NP
Running Permanent Activation Key: 0xc53dd057 0xf4b003be 0x70e25120 0x87f44c60 0x4a221b98
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
ciscoasa#
ciscoasa# activation-key c53dd057 f4b003be 70e25120 87f44c60 4a221b98 ###上面的sh ver可以看到cluster 是disable 的 ,申请个激活证书并激活,然并卵,证书不对
Validating activation key. This may take a few minutes...
The requested key is the SAME as the flash permanent activation-key.
The flash activation key will not be modified.
ciscoasa# sh version ###验证一下
Cisco Adaptive Security Appliance Software Version 9.6(2)7
Device Manager Version 7.6(2)150
Compiled on Mon 05-Dec-16 12:22 PST by builders
System p_w_picpath file is "disk0:/asa962-7-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 day 4 hours
Hardware: ASA5585-SSP-20, 12029 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash S25FL032P @ 0x0, 4096KB
Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 2
Programmable device : Cisco CPLD revision 0x8
0: Int: Internal-Data0/0 : address is 0000.0001.0001, irq 5
2: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 10
5: Ext: Management0/0 : address is 0078.8805.4b2c, irq 10
6: Ext: Management0/1 : address is 0078.8805.4b2d, irq 5
28: Ext: GigabitEthernet0/0 : address is 0078.8805.4b2e, irq 255
29: Ext: GigabitEthernet0/1 : address is 0078.8805.4b2f, irq 255
30: Ext: GigabitEthernet0/2 : address is 0078.8805.4b30, irq 255
31: Ext: GigabitEthernet0/3 : address is 0078.8805.4b31, irq 255
32: Ext: GigabitEthernet0/4 : address is 0078.8805.4b32, irq 255
33: Ext: GigabitEthernet0/5 : address is 0078.8805.4b33, irq 255
34: Ext: GigabitEthernet0/6 : address is 0078.8805.4b34, irq 255
35: Ext: GigabitEthernet0/7 : address is 0078.8805.4b35, irq 255
36: Ext: TenGigabitEthernet0/8: address is 0078.8805.4b36, irq 255
37: Ext: TenGigabitEthernet0/9: address is 0078.8805.4b37, irq 255
38: Int: Internal-Data0/2 : address is 0000.0100.0027, irq 255
39: Int: Internal-Data0/3 : address is 0000.0100.0028, irq 255
40: Int: Internal-Data0/4 : address is 0000.0100.0029, irq 255
41: Int: Internal-Data0/5 : address is 0000.0100.002a, irq 255
42: Int: Internal-Data0/6 : address is 0000.0100.002b, irq 255
43: Int: Internal-Data0/7 : address is 0000.0100.002c, irq 255
44: Int: Internal-Data0/8 : address is 0000.0100.002d, irq 255
45: Int: Internal-Data0/9 : address is 0000.0100.002e, irq 255
46: Ext: GigabitEthernet1/0 : address is 0078.8805.4c1e, irq 255
47: Ext: GigabitEthernet1/1 : address is 0078.8805.4c1f, irq 255
48: Ext: GigabitEthernet1/2 : address is 0078.8805.4c20, irq 255
49: Ext: GigabitEthernet1/3 : address is 0078.8805.4c21, irq 255
50: Ext: GigabitEthernet1/4 : address is 0078.8805.4c22, irq 255
51: Ext: GigabitEthernet1/5 : address is 0078.8805.4c23, irq 255
52: Ext: GigabitEthernet1/6 : address is 0078.8805.4c24, irq 255
53: Ext: GigabitEthernet1/7 : address is 0078.8805.4c25, irq 255
54: Ext: TenGigabitEthernet1/8: address is 0078.8805.4c26, irq 255
55: Ext: TenGigabitEthernet1/9: address is 0078.8805.4c27, irq 255
56: Int: Internal-Data1/0 : address is 0100.0100.0039, irq 255
57: Int: Internal-Data1/1 : address is 0100.0100.003a, irq 255
58: Int: Internal-Data1/2 : address is 0100.0100.003b, irq 255
59: Int: Internal-Data1/3 : address is 0100.0100.003c, irq 255
60: Int: Internal-Data1/4 : address is 0100.0100.003d, irq 255
61: Int: Internal-Data1/5 : address is 0100.0100.003e, irq 255
62: Int: Internal-Data1/6 : address is 0100.0100.003f, irq 255
63: Int: Internal-Data1/7 : address is 0100.0100.0040, irq 255
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other ××× Peers : 10000 perpetual
Total ××× Peers : 10000 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco ××× Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5585-SSP-20 ××× Premium license.
Serial Number: JAD201202NP
Running Permanent Activation Key: 0xc53dd057 0xf4b003be 0x70e25120 0x87f44c60 0x4a221b98
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
最后开case,cisco给个证书,执行activation-key 即可
转载于:https://blog.51cto.com/ksitigarbha/1894173
Cisco ASA 5585 with firepower upgrade 升级 配置证书相关推荐
- CISCO ASA 防火墙 IOS恢复与升级
在IOS被误清除时的处理办法: 1.从tftp上的ios启动防火墙 防火墙启动后 ,按"ESC"键进入监控模式 rommon #2> ADDRESS=192.168.1.11 ...
- Cisco asa 5510升级IOS和ASDM
Cisco asa <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" ...
- cisco ASA ios升级或恢复
cisco ASA ios升级或恢复 一.升级前准备工作 1.准备好所要升级的IOS文件及对应的ASDM文件 2.在一台电脑上架设好tftp,设置好目录,与防火墙进行连接(假设电脑IP为192.168 ...
- 配置Cisco ASA and Cisco *** Client 4.x with Windows 2003 IAS RADIUS Authentication
配置Cisco ASA and Cisco *** Client 4.x with Windows 2003 IAS RADIUS Authentication <?xml:namespace ...
- 配置 Cisco ASA Static IP Addressing or DHCP for IPSec ××× Client
配置 Cisco ASA Static IP Addressin g or DHCP for IPSec ××× Client <?xml:namespace prefix = o ns = & ...
- Cisco Firepower FTD HA 配置文档
请访问原文链接:https://sysin.org/blog/cisco-firepower-ha-config/,查看最新版.原创作品,转载请保留出处. 作者:gc(at)sysin.org,主页: ...
- Cisco ASA 5520配置笔记
基本规则 1) 默认情况下,ASA只对穿越的TCP/UDP流量维护状态化信息,由于ping使用icmp,所以默认是ping不通的. 2) 接口安全级别的范围为0-100,inside接口安全级别默认为 ...
- Cisco ASA 5520 基本配置
cisco asa5520 基本配置 一般网络机构来理解asa5520 外网-----asa5520----分别是内网和dmz asa配置都在全局模式下配置,很多跟cisco路由交换的一样(大同小异) ...
- Cisco ASA(防火墙)基本配置
Cisco ASA 分为软件防火墙和硬件防火墙. 其中,硬件防火墙比软件防火墙更有优势: 1).硬件防火墙功能强大,且明确是为抵御威胁而设计的. 2).硬件防火墙比软件防火墙的漏洞少. Cisco 硬 ...
最新文章
- 在Ubuntu 16.04.1 LTS上测试Linux AIO功能实录
- php curl流方式远程下载大文件
- Android(安卓)一个简单的聊天界面的实现(eclipse实现)
- 【AI初识境】给深度学习新手开始项目时的10条建议
- web前端技巧-ES6新特性与重点知识汇总(三)
- JSON JsonArray和JsonObject学习资料
- 人工智能的搭便车指南
- C# 图片、文件等加入Project Resources
- C++ setprecision()用法
- [html] html和html5有什么区别呢?
- java递归 优点缺点_java编程之递归算法总结
- oracle 密码管理,【转载】Oracle密码管理五大要点(一)
- ajax--跨域问题及三种简单的解决方案
- Tableau可视化学习笔记:day03-04
- linux文件系统简析
- 黑马程序员__用户禁用cookie后登录不成功的原因
- Python: ModuleNotFoundError解决方案
- idea2020更新功能_idea2020 插件备份
- 关于Mac学习C语言通过vscode如何编译运行代码
- html 颜色五光十色,页面色彩搭配基础知识.PDF