cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Firewalls

4487
Views
5
Helpful
7
Replies
Beginner

Encryption-3DES-AES disabled on Cisco 5510

Hi everyone, 

I'm having a hard time understanding why my ASA shows I have the 3DES-AES encryption disabled. I have a security plus license on this device. Furthermore, I have already requested a free encryption license through the licensing portal. I received an email with the activation key which I applied. After the reload de 3DES-AES encryption was enabled but my license was downgraded to a base license. I restored the security plus license and encryption was disabled once again. I am running asa917-16-k8.bin on this device. 

Here is my current sh ver for the ASA: 

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5510 Security Plus license.

Please help! 

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

You need to write a mail to

You need to write a mail to licensing@cisco.com and ask them for a combined license.

7 REPLIES
VIP Advisor

You need to write a mail to

You need to write a mail to licensing@cisco.com and ask them for a combined license.

Beginner

Thank you very much for your

Thank you very much for your help. I ended up contacting them and they sent me an email with the correct activation key to enable 3DES-AES encryption. I can now enable SSH version 2 and i'm a happy camper!

Beginner

Re: Encryption-3DES-AES disabled on Cisco 5510

so what do you do once you get the actiavtion key?  Do you paste it into the CLI or does the box need to have internet access for activation?

Hall of Fame Master

Re: Encryption-3DES-AES disabled on Cisco 5510

The activation key is input via CLI. There is no requirement for Internet access for activation of the license.

 

HTH

 

Rick

Beginner

Re: Encryption-3DES-AES disabled on Cisco 5510

Thank you.  Any other caveats you can think of?

 

I did the following:

 

vpn(config)# license smart register idtoken x.x.x.x

 

vpn(config)# ssh version 2

error: ssh version 2 requires Encryption-3des-aes entitlement 

 

 

Hall of Fame Master

Re: Encryption-3DES-AES disabled on Cisco 5510

I am not certain, but especially based on the discussion at the beginning of this thread it sounds like your activation key was not for the combined license for 3DES and AES.

 

HTH

 

Rick

Highlighted
Hall of Fame Master

Re: Encryption-3DES-AES disabled on Cisco 5510

The original poster was asking about ASA 5510 which uses the older PAK-based licenses and associated activation keys.

 

From your output it appears you are using Smart Licensing. Are you working with an ASAv? If so then your must have the licenses allocated via your Smart license account and then you can assign them to any eligible Smart-licensed devices such as an ASAv.

CreatePlease to create content
Ask the Expert- DMVPN on Cisco routers