cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


234
Views
0
Helpful
5
Replies
Beginner

Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

I have a pair of 4110s, and I had a problem SSHing to the logical ASA's. Having looked at the licensing, it appears that the "Encryption-3DES-AES" is disabled, which is causing it to only accept SSHv1 connections. The problem is, i don't have access to the internet or smart license, show version:

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited
Maximum VLANs                     : 1024
Inside Hosts                      : Unlimited
Failover                          : Active/Active
Encryption-DES                    : Enabled
Encryption-3DES-AES               : Disabled
Security Contexts                 : 10
Carrier                           : Disabled
AnyConnect Premium Peers          : 10000
AnyConnect Essentials             : Disabled
Other VPN Peers                   : 10000
Total VPN Peers                   : 10000
AnyConnect for Mobile             : Enabled
AnyConnect for Cisco VPN Phone    : Enabled
Advanced Endpoint Assessment      : Enabled
Shared License                    : Disabled
Total TLS Proxy Sessions          : 10000
Cluster                           : Enabled

 

and i tried to request license from licensing portal but it gives error "unknown product type"

 

5 REPLIES 5
VIP Advocate

Re: Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

What output on the 4110 are you using for the serial number are you using to request the license?

Alternately you could contact cisco licensing@cisco.com an ask for assistance.

--
Please remember to rate and select a correct answer
Beginner

Re: Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

how to request license and it accepts only smart license. it is not like the old ASA appliances to request PAK file. so what i can tell licensing@cisco.com?

VIP Advocate

Re: Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

Just give Licensing the serial number of the old and new devices as well as your smart account info and that you need the 3des-AES strong encryption license

--
Please remember to rate and select a correct answer
Beginner

Re: Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

the problem i don't have access to the internet. actually i don't know why cisco did that. it is not logic to be able to ssh to the device i get license, any other firewalls don't have the same issue. and smart license is the worst thing ever.


@Marius Gunnerud wrote:

Just give Licensing the serial number of the old and new devices as well as your smart account info and that you need the 3des-AES strong encryption license


 

Highlighted
Hall of Fame Guru

Re: Encryption-3DES-AES" is disabled on Cisco Firepower 4110 asa logical device

The license type you need to request is known as Permanent License Reservation (PLR).

You have to request your account be made eligible for this license type as Cisco will do some export control eligibility verifications etc. before approving it.

A PLR license does not require Internet access for the licensed device(s). Setting it up (once approved) is described here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos201/web-config/b_GUI_ConfigGuide_FXOS_201/license_management.html#id_22096