cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
911
Views
5
Helpful
6
Replies
Beginner

FTD VPN strong crypto not support

Hi There, I am having FTD 2100 appliance managed through FMC appliance and recently implemented, when i tried to created IPSEC tunnel to remote site, while deploying the policy, its creating error. as like below. inputs on this is highly appriciated.

 

Strong crypto (i.e encryption algorithm greater than DES) for VPN topology xxx_VPN is not supported. This can be because of FMC is running on evaluation license or smart licensing is not entitled for storng crypto.

 

In this case, how to i verify my FMC is not running evaluation license and how to activate smart licensing for strong crypto.

Everyone's tags (1)
6 REPLIES 6
Hall of Fame Guru

Re: FTD VPN strong crypto not support

Do you have your appliance (or the managing FMC) registered in your Smart license account?

If so, you can request Cisco add the 3DES-AES license for it.

Beginner

Re: FTD VPN strong crypto not support

Hi, I have Appliance for management server as well and registered in smart licensing. Please let me know 3DES-AES encryption requires separate license in FTD.
Hall of Fame Guru

Re: FTD VPN strong crypto not support

I just checked my company Smart Account and see that we don't have a separate strong crypto (3DES-AES) license for FTD devices. There doesn't appear to be any global setting in the account that enables Strong Crypto either. (Or if there is it's not exposed to an account admin (me).)

I recommend opening a case via email to licensing@cisco.com to have then check your account settings.

 

VIP Advocate

Re: FTD VPN strong crypto not support

Looks like you did not enable export-control features when registering the device via FMC using smart licensing. When you register the FMC using a token, make sure the "Allow export control" checkbox is checked. 

 

export-control.PNG

 

Once you do this, your FTD device should have this enabled under the FMC:

 

export-control-2.PNG

 

What you need to do is re-register the FMC again to smart licensing, this time with export control enabled. 

Hall of Fame Guru

Re: FTD VPN strong crypto not support

Good catch Rahul, thanks for posting that one.

Highlighted
Beginner

Re: FTD VPN strong crypto not support

If i do re-registering, will it have any production impact or any other licensing issue will occur. Allow export-controlled functionaility on the products registered with this token