2-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management
Step 7 Specify a name for a Command Scheduler policy and enter kron-policy configuration mode. The name
can be 1 to 31 characters. If the list-name is new, a policy list structure is created. If the list-name is not
new, the existing policy list is edited.
hostname(config)# kron policy-list list-name
Step 8 Retrieve the configuration from the staged CNS job. Specify the IP address of the CNS server. You must
use JobbedDynaConfig status so that the device retrieves the config from the staged CNS job;
otherwise, the device retrieves the template associated with the device.
hostname(config-kron-policy)# cli cns config retrieve ip_address page /cns/JobbedDynaConfig status http://ip_address/cns/PostStatus
Step 9 Exit kron-policy configuration mode and return to configuration mode.
hostname(config-kron-policy)# exit
Step 10 Enable and configure the CNS execute agent.
hostname(config)# cns exec
Step 11 Exit configuration mode and return to Exec mode.
hostname(config)# exit
Step 12 Save the configuration changes.
hostname# write memory
Configuring Licenses on Cisco ASA Devices
Devices that run Cisco ASA Software require Product Activation Keys for each feature license. Some
licenses are optional, such as Botnet Traffic Filtering, and can be time-based. Other features are standard
on some models, but optional on others, such as the Failover license, which is optional on the 5505 and
5510 models but standard on all other models.
You cannot install or activate ASA licenses through Security Manager. Instead, use the Adaptive
Security Device Manager (ASDM). Enter the activation keys by selecting Configuration > Device
Management > Licensing > Activation Key and following the instructions in the online help for that
page. The Activation Key page also lists the state of all feature licenses. The ASDM online help includes
extensive information about ASA licensing.
When you deploy configurations from Security Manager, the device must have active licenses for all
features in the configuration or you will see deployment errors. In most cases, Security Manager does
not prevent you from configuring a feature based on the licenses that are active on a device. For example,
you can configure Botnet Traffic Filtering for a device even if that device has a disabled Botnet license.
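A pre-deployment check along these lines (an added example, not from the Cisco guide or from Security Manager) compares the license table in show version output with the commands in a planned configuration and reports features whose license is not active. The sample output and configuration are constructed, and the feature-to-command mapping is an assumption that covers only the two features named in this section.

```python
import re

# Assumption (not from the guide): license-table row name -> config line
# that needs that license. Only the two features this section names.
FEATURE_COMMANDS = {
    "Botnet Traffic Filter": re.compile(r"^dynamic-filter enable\b"),
    "Failover": re.compile(r"^failover$"),
}
LICENSE_ROW = re.compile(r"^(?P<name>[A-Za-z0-9 +/-]+?)\s*:\s*(?P<value>\S+)")
# Constructed sample of the license table in "show version" output.
SAMPLE_SHOW_VERSION = """\
Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
Failover                          : Disabled       perpetual
Botnet Traffic Filter             : Disabled       perpetual

This platform has a Base license.
"""
# Constructed sample of a configuration about to be deployed.
SAMPLE_CONFIG = """\
hostname asa-edge
dynamic-filter enable interface outside
no failover
"""

def parse_licenses(show_version):
    """Map each license row to True unless its value is 'Disabled'."""
    licenses, in_table = {}, False
    for line in show_version.splitlines():
        if line.startswith("Licensed features for this platform"):
            in_table = True
        elif in_table and not line.strip():
            break  # a blank line ends the table
        elif in_table:
            row = LICENSE_ROW.match(line.strip())
            if row:
                licenses[row["name"]] = row["value"] != "Disabled"
    return licenses

def missing_licenses(show_version, planned_config):
    """List features the config enables without an active license."""
    licenses = parse_licenses(show_version)
    lines = [l.strip() for l in planned_config.splitlines()]
    # A feature absent from the table counts as unlicensed (fail closed).
    return [feature for feature, cmd in FEATURE_COMMANDS.items()
            if any(cmd.match(l) for l in lines)
            and not licenses.get(feature, False)]

if __name__ == "__main__":
    for feature in missing_licenses(SAMPLE_SHOW_VERSION, SAMPLE_CONFIG):
        print(f"license not active for configured feature: {feature}")
```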
The exception is the Failover license on the 5505 and 5510 models. There is a device property that you
can set to indicate whether there is an active Failover license on a device: License Supports Failover. You
can set this property by double-clicking the device (in Device view) to open the Device Properties page;
the option is on the General tab (see Device Properties: General Page, page 3-40). If you discover
policies on the device, for example, when adding the device to the inventory using the Add Device From
Network or Add Device from File (from an inventory file, not a configuration file) options, Security