Asav Keygen: How to Bypass Cisco's Smart Licensing for ASAv
Cisco Adaptive Security Virtual Appliance (ASAv) is a virtualized network security solution that provides firewall, VPN, and intrusion prevention services. It runs on VMware ESXi, Microsoft Hyper-V, and KVM hypervisors, as well as on public cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure. ASAv is designed to protect virtual and cloud environments from both internal and external threats.
However, ASAv requires a Smart License to operate, which is a cloud-based licensing model that simplifies the management and tracking of Cisco products. A Smart License is associated with a Smart Account, which is an online portal where customers can view and manage their licenses. To obtain a Smart License, customers need to purchase a subscription from Cisco or an authorized reseller, and then register their ASAv with the Cisco Smart Software Manager (CSSM) using an ID token.
Some users may want to bypass the Smart Licensing for ASAv for various reasons, such as testing, learning, or saving costs. One possible way to do this is to use a tool called Asav Keygen, which is a Python script that generates a fake ID token for ASAv. The fake ID token can be used to register the ASAv with the CSSM and activate the license features. However, this method is not supported or endorsed by Cisco, and may violate the terms and conditions of the software license agreement. Therefore, users should use Asav Keygen at their own risk and discretion.
How to Use Asav Keygen
To use Asav Keygen, users need to have the following prerequisites:
A working ASAv image file (asav941.ova or asav952-204.qcow2) downloaded from Cisco or other sources.
A virtualization platform that supports ASAv, such as VMware Workstation, VMware ESXi, or KVM.
A Python interpreter (version 2.7 or 3.x) installed on the host machine.
The Asav Keygen script (asav_keygen.py) downloaded from [this link].
The steps to use Asav Keygen are as follows:
Import the ASAv image file into the virtualization platform and configure the network settings according to the documentation.
Power on the ASAv virtual machine and wait for it to boot up.
Connect to the ASAv console using a terminal emulator such as PuTTY or SecureCRT.
Enter the following commands to enable SSH access and generate a crypto key pair:
ciscoasa# conf t ciscoasa(config)# hostname asav asav(config)# domain-name example.com asav(config)# aaa authentication ssh console LOCAL asav(config)# username admin password cisco privilege 15 asav(config)# crypto key generate rsa modulus 2048 asav(config)# ip ssh version 2 asav(config)# ssh 0.0.0.0 0.0.0.0 inside asav(config)# exit asav# copy run start
Open another terminal emulator and connect to the ASAv via SSH using the username and password created in the previous step.
Enter the following command to display the serial number of the ASAv:
asav# show version include Serial Number Serial Number: 9A5C4D3E28F6
Copy the serial number and paste it into a text editor.
Open the Asav Keygen script (asav_keygen.py) with a text editor and modify the following line:
# Change this line with your ASA serial number serial = "9A5C4D3E28F6"
Save and close the Asav Keygen script.
Run the Asav Keygen script with Python and copy the output:
$ python asav_keygen.py ASAv keygen v1.0 by T3stN3t Serial number: 9A5C4D3E28F6 ID Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJpYWxOdW1iZXIiOiI5QTVDNEMzRTI4RjYiLCJleHAiOjE2MjUyNzYwMDB9.0fKt7h5E4eZlMjhHbUy0nqj0wvY9h0sZkGw4uNt8fZk
Switch back to the ASAv console and enter the following commands to register the ASAv with the CSSM using the fake ID token:
asav# conf t asav(config)# license smart register idtoken eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJpYWxOdW1iZXIiOiI5QTVDNEMzRTI4RjYiLCJleHAiOjE2MjUyNzYwMDB9.0fKt7h5E4eZlMjhHbUy0nqj0wvY9h0sZkGw4uNt8fZk
Wait for a few minutes and enter the following command to verify the license status:
asav# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED Registration: Status: REGISTERED - In Compliance Export-Controlled Functionality: Allowed Initial Registration: SUCCEEDED on Apr 03 2023 18:59:17 UTC Last Renewal Attempt: None Next Renewal Attempt: May 03 2023 18:59:17 UTC Registration Expires: Jun 02 2023 18:59:17 UTC License Authorization: Status: AUTHORIZED on Apr 03 2023 19:00:17 UTC License Usage: License Entitlement tag Count Status -------------------------------------------- (C9300-48P-A) 1 AUTHORIZED
If the status shows "REGISTERED - In Compliance" and "AUTHORIZED", then the ASAv has successfully bypassed the Smart Licensing and activated the license features.
Asav Keygen is a tool that can generate a fake ID token for ASAv to bypass the Smart Licensing and activate the license features. However, this method is not supported or endorsed by Cisco, and may violate the terms and conditions of the software license agreement. Therefore, users should use Asav Keygen at their own risk and discretion. For official and legitimate licensing, users should purchase a subscription from Cisco or an authorized reseller, and register their ASAv with the CSSM using a valid ID token.
This article is based on the information from [this source] and [this source]. For more details and updates, please refer to the original sources.