https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072374#M136261 <P>You need to write a mail to licensing@cisco.com and ask them for a combined license.</P> Mon, 24 Apr 2017 17:35:54 GMT Karsten Iwen 2017-04-24T17:35:54Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072373#M136259 <P>Hi everyone,&nbsp;</P> <P></P> <P>I'm having a hard time understanding why my ASA shows I have the 3DES-AES encryption disabled. I have a security plus license on this device. Furthermore, I have already requested a free encryption license through the licensing portal. I received an email with the activation key which I applied. After the reload de 3DES-AES encryption was enabled but my license was downgraded to a base license. I restored the security plus license and encryption was disabled once again. I am running&nbsp;<SPAN>asa917-16-k8.bin on this device.&nbsp;</SPAN></P> <P></P> <P>Here is my current sh ver for the ASA:&nbsp;</P> <P></P> <P>Licensed features for this platform:<BR />Maximum Physical Interfaces : Unlimited perpetual<BR />Maximum VLANs : 100 perpetual<BR />Inside Hosts : Unlimited perpetual<BR />Failover : Active/Active perpetual<BR />Encryption-DES : Enabled perpetual<BR />Encryption-3DES-AES : Disabled perpetual<BR />Security Contexts : 2 perpetual<BR />GTP/GPRS : Disabled perpetual<BR />AnyConnect Premium Peers : 2 perpetual<BR />AnyConnect Essentials : Disabled perpetual<BR />Other VPN Peers : 250 perpetual<BR />Total VPN Peers : 250 perpetual<BR />Shared License : Disabled perpetual<BR />AnyConnect for Mobile : Disabled perpetual<BR />AnyConnect for Cisco VPN Phone : Disabled perpetual<BR />Advanced Endpoint Assessment : Disabled perpetual<BR />UC Phone Proxy Sessions : 2 perpetual<BR />Total UC Proxy Sessions : 2 perpetual<BR />Botnet Traffic Filter : Disabled perpetual<BR />Intercompany Media Engine : Disabled perpetual<BR />Cluster : Disabled perpetual<BR /> <BR />This platform has an ASA 5510 Security Plus license.</P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Please help!&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> Tue, 12 Mar 2019 09:15:21 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072373#M136259 Oscar Martinez 2019-03-12T09:15:21Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072374#M136261 <P>You need to write a mail to licensing@cisco.com and ask them for a combined license.</P> Mon, 24 Apr 2017 17:35:54 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072374#M136261 Karsten Iwen 2017-04-24T17:35:54Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072375#M136262 <P>Thank you very much for your help. I ended up contacting them and they sent me an email with the correct activation key to enable 3DES-AES encryption. I can now enable SSH version 2 and i'm a happy camper!</P> Tue, 25 Apr 2017 13:18:17 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3072375#M136262 Oscar Martinez 2017-04-25T13:18:17Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758545#M136264 <P>so what do you do once you get the actiavtion key?&nbsp; Do you paste it into the CLI or does the box need to have internet access for activation?</P> Wed, 05 Dec 2018 21:05:58 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758545#M136264 Amafsha1 2018-12-05T21:05:58Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758591#M136266 <P>The activation key is input via CLI. There is no requirement for Internet access for activation of the license.</P> <P>&nbsp;</P> <P>HTH</P> <P>&nbsp;</P> <P>Rick</P> Wed, 05 Dec 2018 22:29:34 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758591#M136266 Richard Burts 2018-12-05T22:29:34Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758597#M136268 <P>Thank you.&nbsp; Any other caveats you can think of?</P> <P>&nbsp;</P> <P>I did the following:</P> <P>&nbsp;</P> <P>vpn(config)# license smart register idtoken x.x.x.x</P> <P>&nbsp;</P> <P>vpn(config)# ssh version 2</P> <P>error: ssh version 2 requires Encryption-3des-aes entitlement&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 05 Dec 2018 22:34:02 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758597#M136268 Amafsha1 2018-12-05T22:34:02Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758602#M136269 <P>I am not certain, but especially based on the discussion at the beginning of this thread it sounds like your activation key was not for the combined license for 3DES and AES.</P> <P>&nbsp;</P> <P>HTH</P> <P>&nbsp;</P> <P>Rick</P> Wed, 05 Dec 2018 22:40:29 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758602#M136269 Richard Burts 2018-12-05T22:40:29Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758644#M136271 <P>The original poster was asking about ASA 5510 which uses the older PAK-based licenses and associated activation keys.</P> <P>&nbsp;</P> <P>From your output it appears you are using Smart Licensing. Are you working with an ASAv? If so then your must have the licenses allocated via your Smart license account and then you can assign them to any eligible Smart-licensed devices such as an ASAv.</P> Thu, 06 Dec 2018 01:48:47 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/3758644#M136271 Marvin Rhoads 2018-12-06T01:48:47Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/4291405#M1078461 <P>Hello Marvin,</P><P>&nbsp;</P><P>We have&nbsp; 2 Fpr 2100 devices with Asa installed on them.&nbsp;We also configured active/passive HA failover. We have internet connection and also there are a four Cisco Firepower 2K Series ASA Strong Encryption (3DES/AES) licenses under our smart license account.&nbsp;I checked the smart license and 3DES/AES licenses are not used (in use value is 0).&nbsp;I tried registering the Asa firewall to the smart license several times, but in none of them the Asa firewall was unable to obtain a 3DES / AES license from the smart license center.&nbsp;What is your suggestion on this?</P><P>&nbsp;</P><P>Regards,</P><P>Volkan Turan</P> Sun, 14 Feb 2021 09:58:22 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/4291405#M1078461 Sp@wn 2021-02-14T09:58:22Z https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/4291542#M1078463 <P>While creating the token, can you make sure you checked "Allow export-controlled functionality on the products registered with this token "</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/104363i171E4D92719D5799/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>Do rate helpful posts.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Chakshu</P> Mon, 15 Feb 2021 01:48:07 GMT https://community.cisco.com/t5/network-security/encryption-3des-aes-disabled-on-cisco-5510/m-p/4291542#M1078463 Chakshu Piplani 2021-02-15T01:48:07Z