Cisco ASA – How to Deactivate Security Plus License on ASA 5585

ciscocisco-asafirewall

We activate Cisco licence L-ASA5585-SEC-PL (Security Plus) to enable 10G ports and everything working but now i want to deactivate that licence but i am getting this error

ciscoasa(config)# activation-key 0xf623f145 0xb4222d16 0x89719178 0xfba46111 0xffffffff
This is a permanent activation key and cannot be deactivated.

Is this permanent so we can't remove it forever? or next software upgrade will wipe it out?

How to deactivate if we don't want to use it?

Best Answer

You can only deactivate Time-Based Keys as per the Cisco Documentation. The permanent key must be replaced with another permanent key with fewer features.

The activate and deactivate keywords are available for time-based keys only. If you do not enter any value, activate is the default. The last time-based key that you activate for a given feature is the active one. To deactivate any active time-based key, enter the deactivate keyword. If you enter a key for the first time, and specify deactivate, then the key is installed on the ASA in an inactive state.

The documentation also states:

You can install one permanent key, and multiple time-based keys. If you enter a new permanent key, it overwrites the already installed one.

Thus, if you wish to revert, you must overwrite the current permanent key with another permanent key with fewer features. If you do not have such a key on-hand, you will need to contact the Cisco License Team. A user in another forum reported that they were able to accomplish this successfully.

Best Answer

Related Solutions

Cisco – ASA 5585-X IPS-SSP image recovery

Cisco ASA: which side is “inside” with same security-level

Related Topic