Hi There, I am having FTD 2100 appliance managed through FMC appliance and recently implemented, when i tried to created IPSEC tunnel to remote site, while deploying the policy, its creating error. as like below. inputs on this is highly appriciated.
Strong crypto (i.e encryption algorithm greater than DES) for VPN topology xxx_VPN is not supported. This can be because of FMC is running on evaluation license or smart licensing is not entitled for storng crypto.
In this case, how to i verify my FMC is not running evaluation license and how to activate smart licensing for strong crypto.
Do you have your appliance (or the managing FMC) registered in your Smart license account?
If so, you can request Cisco add the 3DES-AES license for it.
I just checked my company Smart Account and see that we don't have a separate strong crypto (3DES-AES) license for FTD devices. There doesn't appear to be any global setting in the account that enables Strong Crypto either. (Or if there is it's not exposed to an account admin (me).)
I recommend opening a case via email to firstname.lastname@example.org to have then check your account settings.
Looks like you did not enable export-control features when registering the device via FMC using smart licensing. When you register the FMC using a token, make sure the "Allow export control" checkbox is checked.
Once you do this, your FTD device should have this enabled under the FMC:
What you need to do is re-register the FMC again to smart licensing, this time with export control enabled.