Hello experts,

Any input from you guys would be greatly appriciated. 

I have two ASA 5545-X in an Active/Standby failover. I configured Remote Access VPN and tried to install the AnyConnect APEX license on both units. I am getting the below error, which says the APEX license will not have the 3DES/AES license. However, both ASAs currently have 3DES/AES licenses. What would happen  if I go ahead and install the APEX license?

ASA have site to site VPN tunnels usning AES encryption. 

ASA# show activation-key

Serial Number:  FCH126575TY

Running Permanent Activation Key: 0xb2544e66c 0x64f779af 0xad704556 0xcd9828b4 0x5t3cf392

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 2              perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual

Total VPN Peers                   : 2500           perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

Shared License                    : Disabled       perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

Cluster Members                   : 2              perpetual

This platform has an ASA5545 VPN Premium license.

Failover cluster licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 300            perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Active/Active  perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

Security Contexts                 : 4              perpetual

Carrier                           : Disabled       perpetual

AnyConnect Premium Peers          : 4              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 2500           perpetual

Total VPN Peers                   : 2500           perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

Shared License                    : Disabled       perpetual

Total UC Proxy Sessions           : 4              perpetual

Botnet Traffic Filter             : Disabled       perpetual

IPS Module                        : Disabled       perpetual

Cluster                           : Enabled        perpetual

This platform has an ASA5545 VPN Premium license.

The flash permanent activation key is the SAME as the running permanent key.

When I tried to install APEX.

ASA(config)# activation-key 683ca162 0c6f91b1 25f0699c d5d87ce8 4256ca85

Validating activation key. This may take a few minutes...

The following features available in running permanent activation key are NOT

available in new permanent activation key:

   Encryption-3DES-AES

WARNING: The running activation key was not updated with the requested key.

Proceed with update flash activation key? [confirm]

Please let me know if you have further questions.

Thanks

Suresh