Encryption-3DES-AES disabled on Cisco 5510

Oscar Martinez
Level 1

Hi everyone, 

I'm having a hard time understanding why my ASA shows I have the 3DES-AES encryption disabled. I have a security plus license on this device. Furthermore, I have already requested a free encryption license through the licensing portal. I received an email with the activation key which I applied. After the reload the 3DES-AES encryption was enabled but my license was downgraded to a base license. I restored the security plus license and encryption was disabled once again. I am running asa917-16-k8.bin on this device.

Here is my current sh ver for the ASA: 

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5510 Security Plus license.

Please help! 
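An added example, not part of the original post or any Cisco tooling: a Python check that parses the "Licensed features" table of `show version` output like the one above and flags a unit whose license leaves it with DES only. The sample text is constructed in the same layout, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the "show version" excerpt in the post.
SAMPLE = """\
Licensed features for this platform:
Maximum VLANs : 100 perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Other VPN Peers : 250 perpetual

This platform has an ASA 5510 Security Plus license.
"""

# "<feature name> : <value> <duration>", e.g. "Encryption-DES : Enabled perpetual"
ROW = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>\S+)\s+(?P<duration>.+?)\s*$")

def parse_licensed_features(text):
    """Return {feature: (value, duration)} from the licensed-features table."""
    features, in_table = {}, False
    for line in text.splitlines():
        if line.strip().lower().startswith("licensed features"):
            in_table = True          # header row, table starts on the next line
            continue
        if not in_table:
            continue
        if not line.strip():
            break                    # a blank line closes the table
        m = ROW.match(line)
        if m:
            features[m["name"]] = (m["value"], m["duration"])
    return features

def audit_crypto_license(features):
    """List findings about the encryption entitlements (hypothetical helper)."""
    findings = []
    strong = features.get("Encryption-3DES-AES")
    weak = features.get("Encryption-DES")
    if strong is None:
        findings.append("Encryption-3DES-AES row not found; output may be incomplete")
    elif strong[0] != "Enabled":
        findings.append("Encryption-3DES-AES is not enabled; 'ssh version 2' is "
                        "rejected without this entitlement")
        if weak and weak[0] == "Enabled":
            findings.append("only Encryption-DES is licensed")
    return findings

if __name__ == "__main__":
    for finding in audit_crypto_license(parse_licensed_features(SAMPLE)):
        print("FINDING:", finding)
```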

Accepted Solutions

You need to write a mail to licensing@cisco.com and ask them for a combined license.

Thank you very much for your help. I ended up contacting them and they sent me an email with the correct activation key to enable 3DES-AES encryption. I can now enable SSH version 2 and I'm a happy camper!

Amafsha1
Level 2

So what do you do once you get the activation key? Do you paste it into the CLI or does the box need to have internet access for activation?

The activation key is input via CLI. There is no requirement for Internet access for activation of the license.

 

HTH

 

Rick


Thank you.  Any other caveats you can think of?

 

I did the following:

 

vpn(config)# license smart register idtoken x.x.x.x

 

vpn(config)# ssh version 2

error: ssh version 2 requires Encryption-3des-aes entitlement 

 

 

I am not certain, but especially based on the discussion at the beginning of this thread it sounds like your activation key was not for the combined license for 3DES and AES.

 

HTH

 

Rick


The original poster was asking about ASA 5510 which uses the older PAK-based licenses and associated activation keys.

 

From your output it appears you are using Smart Licensing. Are you working with an ASAv? If so then you must have the licenses allocated via your Smart license account and then you can assign them to any eligible Smart-licensed devices such as an ASAv.

Hello Marvin,

 

We have 2 FPR 2100 devices with ASA installed on them. We also configured active/passive HA failover. We have an internet connection and there are also four Cisco Firepower 2K Series ASA Strong Encryption (3DES/AES) licenses under our smart license account. I checked the smart license and the 3DES/AES licenses are not used (in use value is 0). I tried registering the ASA firewall to the smart license several times, but in none of them was the ASA firewall able to obtain a 3DES/AES license from the smart license center. What is your suggestion on this?

 

Regards,

Volkan Turan

While creating the token, can you make sure you checked "Allow export-controlled functionality on the products registered with this token"?

 


 

Do rate helpful posts.

 

Regards,

Chakshu
