There maybe a time when you need to upgrade your license on a Cisco Adaptive Security Appliance (ASA).  The license is responsible for what feature set you have on the firewall and a comparison of licenses can be found here (v9.1).

The first step is to register your PAK key on the Cisco website.  The PAK key can be activated here and will require the device’s serial number to complete.  Follow the activation wizard and you will receive an email from Cisco with the activation key. https://www.cisco.com/go/license

The process itself is quite straightforward. But, before we get started it’s highly recommended to take a copy of the current activation key the ASA is running with, take a running configuration backup and take a copy of the version properties.  

To view this the current activation key and version properties, use the following commands:

giantsandrunts#show activation-key
giantsandrunts#show version

Great, we’ve now got everything backed up, we now need to go into configuration mode and issue the below command:

giantsandrunts(config)#activation-key xxxxxxxx yyyyyyyy zzzzzzzz xxxxxxxx yyyyyyyy

At this point, there is no verification that we can do as this will not show in the version properties or the activation key properties until the firewall has been reloaded.  Proceed to reload the firewall, which should take anywhere between 5 and 20 minutes. It’s good practice to provide a reason for the reload.

giantsandrunts#reload reason license upgrade

The final steps are to verify the activation key and the features which are available in the version properties.  

To conclude, this article has walked you through a license upgrade to an Adaptive Security Device and it has provided you ways of verifying after the upgrade process.