[rancid] Cisco PIX / ASA Activation key ?

Discussion:

Brian Ipsen

2008-01-29 11:20:15 UTC

Hi

Looking through the code, I can see, that there are something listed with activations keys - but these are not listed as comments in my PIX/ASA configuration dumps...

Is it possible to get the activation keys stores as a comment in the config dump as well ??

Med venlig hilsen / Kind regards
Brian Ipsen

Brian Ipsen

2008-01-29 11:55:12 UTC

Permalink

Hi,

The pix is running 6.3(5)

My dump file for this device looks like:

!RANCID-CONTENT-TYPE: cisco
!
!Chassis type: PIX-501 - a PIX
!CPU: Am5x86 133 MHz
!
!Memory: 16 MB RAM
!This PIX has a Restricted (R) license.
!Serial Number: xxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!Image: Compiled: on Thu 04-Aug-05 21:40 by morlee
!
!
!
!Flash: flash file system: version:3 magic:0x12345679
!Flash: file 0: origin: 0 length:1978424
!Flash: file 1: origin: 2097152 length:6650
!Flash: file 2: origin: 2228224 length:1925
!Flash: file 3: origin: 2359296 length:3152452
!Flash: file 4: origin: 0 length:0
!Flash: file 5: origin: 7864320 length:308
!
!
: Saved
:

Show version reveals:

Running Activation Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa

And for Cisco ASA:

!RANCID-CONTENT-TYPE: cisco
!
!Chassis type: ASA5510 - a PIX
!CPU: Pentium 4 Celeron 1600 MHz
!
!Memory: 256 MB RAM
!Serial Number:xxxxxxxxxx
!
!
!
!Image: Compiled: on Wed 22-Nov-06 14:16 by builders
!Image: disk0:/asa722-k8.bin
!
!
!
!
!BootFlash: BOOT variable = disk0:/asa722-k8.bin
!BootFlash: Current BOOT variable = disk0:/asa722-k8.bin
!BootFlash: CONFIG_FILE variable =
!BootFlash: Current CONFIG_FILE variable =
!
!BootFlash: BOOT variable = disk0:/asa722-k8.bin
!BootFlash: Current BOOT variable = disk0:/asa722-k8.bin
!BootFlash: CONFIG_FILE variable =
!BootFlash: Current CONFIG_FILE variable =
!
!Flash: -#- --length-- -----date/time------ path
!Flash: 8 8312832 Dec 04 2006 07:00:14 asa722-k8.bin
!Flash: 9 5623108 Dec 04 2006 07:07:22 asdm-522.bin
!Flash: 241418240 bytes available (14008320 bytes used)
!
!Flash: disk0: Directory of disk0:/
!Flash: disk0: 8 -rw- 8312832 07:00:14 Dec 04 2006 asa722-k8.bin
!Flash: disk0: 9 -rw- 5623108 07:07:22 Dec 04 2006 asdm-522.bin
!Flash: disk0: 255426560 bytes total (241418240 bytes free)
!
!
!Slot 0: hvers 1.1, firmware 1.0(11)2, sw 7.2(2)
!

And "Show version" for the ASA:

Running Activation Key: 0xbbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb 0xbbbbbbbb

Med venlig hilsen / Kind regards
Brian Ipsen

RackPeople ApS
Dynamovej 11C, 2 sal
DK-2730 Herlev

Mobil: +45 25 41 49 13
Tel: +45 70 25 35 90
Fax: +45 70 25 35 91
Support: +45 70 26 27 02
Internet: www.rackpeople.dk
Email: ***@rackpeople.dk

___________________________________

-----Original Message-----
From: Regnar Bang Lyngsø [mailto:***@aak.com]
Sent: 29. januar 2008 12:50
To: Brian Ipsen
Cc: rancid-***@shrubbery.net; rancid-discuss-***@shrubbery.net
Subject: Re: [rancid] Cisco PIX / ASA Activation key ?

Post by Brian Ipsen
Looking through the code, I can see, that there are something
listed with activations keys ? but these are not listed as comments
in my PIX/ASA configuration dumps?

Using which version of rancid? Which PIX version?

On PIX 6.3:

!RANCID-CONTENT-TYPE: cisco
!This PIX has an Unrestricted (UR) license.
!Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa

Rancid parses the information from the command "show version". Is the
activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa
0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your
platform/software version?

Regards,
--
Regnar Bang Lyngsø, Network Administrator
AarhusKarlshamn Denmark A/S
M.P. Bruuns Gade 27, DK-8000 Århus C, Denmark
Email: mailto:***@aak.com
Phone: +45 87 30 61 65 Mobile: +45 40 45 08 89
Registered office: Aarhus Reg. no: 15672099

Regnar Bang Lyngsø

2008-01-29 11:50:27 UTC

Permalink

Post by Brian Ipsen
Looking through the code, I can see, that there are something
listed with activations keys ? but these are not listed as comments
in my PIX/ASA configuration dumps?

--
Regnar Bang Lyngsø, Network Administrator
AarhusKarlshamn Denmark A/S
M.P. Bruuns Gade 27, DK-8000 Århus C, Denmark
Email: mailto:***@aak.com
Phone: +45 87 30 61 65 Mobile: +45 40 45 08 89
Registered office: Aarhus Reg. no: 15672099

Sam Munzani

2008-01-29 17:12:49 UTC

Permalink

Do you ever wonder why in the world you care about backing up the
activation keys? Its not something that gets lost how many times you
wipe your firewall config. The old key doesn't do you any good on
replacement hardware if your hardware is dead and you need it replaced.
In my mind, its useless information and one should not care about it.

Don't get me wrong here. The output of "show version" has value here
because it gives a lot of other valuable info. e.g. uptime, last
configuration modification timestamp etc.

Thanks,
Sam

Post by Brian Ipsen

Post by Brian Ipsen
Looking through the code, I can see, that there are something
listed with activations keys ? but these are not listed as comments
in my PIX/ASA configuration dumps?

Using which version of rancid? Which PIX version?
!RANCID-CONTENT-TYPE: cisco
!This PIX has an Unrestricted (UR) license.
!Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
Rancid parses the information from the command "show version". Is the
activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa
0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your
platform/software version?
Regards,

Brian Ipsen

2008-01-29 21:35:37 UTC

Permalink

Hi

The reason for my question is that I just had an ASA5505, which (for some weird reason) corrupted the flash drive, so I had to reformat/initialize it. When booting the device, the activation key was zeroized... Not a problem for the specific device, since it is a 10-user without any additional features... But it would have been disappointing, if it had been an unlimited users version, maybe with the software that also allows trunking etc (since there's a cost for the software license)..

Med venlig hilsen / Kind regards
Brian Ipsen

___________________________________

From: Sam Munzani [mailto:***@comcast.net]
Sent: 29. januar 2008 18:13
To: Regnar Bang Lyngsø
Cc: Brian Ipsen; rancid-discuss-***@shrubbery.net; rancid-***@shrubbery.net
Subject: Re: [rancid] Re: Cisco PIX / ASA Activation key ?

Do you ever wonder why in the world you care about backing up the activation keys? Its not something that gets lost how many times you wipe your firewall config. The old key doesn't do you any good on replacement hardware if your hardware is dead and you need it replaced. In my mind, its useless information and one should not care about it.

Don't get me wrong here. The output of "show version" has value here because it gives a lot of other valuable info. e.g. uptime, last configuration modification timestamp etc.

Thanks,
Sam

rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net> wrote on 29-01-2008 12:20:15:

Looking through the code, I can see, that there are something

listed with activations keys ? but these are not listed as comments

in my PIX/ASA configuration dumps?

Using which version of rancid? Which PIX version?

On PIX 6.3:

!RANCID-CONTENT-TYPE: cisco

!This PIX has an Unrestricted (UR) license.

!Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa

Rancid parses the information from the command "show version". Is the

activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa

0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your

platform/software version?

Regards,

Sam Munzani

2008-01-29 21:53:06 UTC

Permalink

I understand your point and it saves hassle. However if you request
license key again from CCO login, it doesn't cost anything. It an
automated process that emails you your license key(whatever you paid for
as per their database). I had such case in past and all I had to do was
request a 3DES key from the CCO URL below.
http://www.cisco.com/go/license

But again, if you had it backed up, you could refer to rancid config
file for this key since its part of the "show ver" command rancid does.

Thanks,
Sam

Post by Brian Ipsen
Hi
The reason for my question is that I just had an ASA5505, which (for
some weird reason) corrupted the flash drive, so I had to
reformat/initialize it. When booting the device, the activation key
was zeroized... Not a problem for the specific device, since it is a
10-user without any additional features... But it would have been
disappointing, if it had been an unlimited users version, maybe with
the software that also allows trunking etc (since there's a cost for
the software license)..
Med venlig hilsen / Kind regards
*Brian Ipsen*
___________________________________
*Sent:* 29. januar 2008 18:13
*To:* Regnar Bang Lyngsø
*Subject:* Re: [rancid] Re: Cisco PIX / ASA Activation key ?
Do you ever wonder why in the world you care about backing up the
activation keys? Its not something that gets lost how many times you
wipe your firewall config. The old key doesn't do you any good on
replacement hardware if your hardware is dead and you need it
replaced. In my mind, its useless information and one should not care
about it.
Don't get me wrong here. The output of "show version" has value here
because it gives a lot of other valuable info. e.g. uptime, last
configuration modification timestamp etc.
Thanks,
Sam
Looking through the code, I can see, that there are something
listed with activations keys ? but these are not listed as comments
in my PIX/ASA configuration dumps?
Using which version of rancid? Which PIX version?
!RANCID-CONTENT-TYPE: cisco
!This PIX has an Unrestricted (UR) license.
!Key: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
Rancid parses the information from the command "show version". Is the
activation code listed as "Activation Key: 0xaaaaaaaa 0xaaaaaaaa
0xaaaaaaaa 0xaaaaaaaa" when issuing "show version" on your
platform/software version?
Regards,