
ASA5505-50-BUN-K9 BUT 3DES/AES DISABLED

Hi,

I work in a company, and recently we bought an ASA5505-50-BUN-K9 firewall.

Normally, this firewall supports up to 50 users connected with VPN, and it supports 3DES/AES.

But when I check these features using the show version command, I get:

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 8.3(2)

Device Manager Version 6.3(2)

Compiled on Fri 30-Jul-10 20:17 by builders

System image file is "disk0:/asa832-npe-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 2 days 1 hour

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06

0: Int: Internal-Data0/0    : address is e8b7.4836.9f54, irq 11

1: Ext: Ethernet0/0         : address is e8b7.4836.9f4c, irq 255

2: Ext: Ethernet0/1         : address is e8b7.4836.9f4d, irq 255

3: Ext: Ethernet0/2         : address is e8b7.4836.9f4e, irq 255

4: Ext: Ethernet0/3         : address is e8b7.4836.9f4f, irq 255

5: Ext: Ethernet0/4         : address is e8b7.4836.9f50, irq 255

6: Ext: Ethernet0/5         : address is e8b7.4836.9f51, irq 255

7: Ext: Ethernet0/6         : address is e8b7.4836.9f52, irq 255

8: Ext: Ethernet0/7         : address is e8b7.4836.9f53, irq 255

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255

Licensed features for this platform:

Maximum Physical Interfaces    : 8              perpetual

VLANs                          : 3              DMZ Restricted

Dual ISPs                      : Disabled       perpetual

VLAN Trunk Ports               : 0              perpetual

Inside Hosts                   : 50             perpetual

Failover                       : Disabled       perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Disabled       perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 10             perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

Botnet Traffic Filter          : Disabled       perpetual

Intercompany Media Engine      : Disabled       perpetual

This platform has a Base license.

Serial Number: xxxxxxxx (hidden by me)

Running Permanent Activation Key: xxxxxxxx (hidden by me)

Configuration register is 0x1

Configuration last modified by enable_15 at 14:54:06.879 CET Tue Apr 3 2012

Can someone please explain this to me? It's very important.

Please forgive me for my English writing.

Houari.

Regards.


varrao

Hi Houari,

You can get a 3DES license from this site; it is free of cost:

https://tools.cisco.com/SWIFT/LicensingUI/Home?FormId=139

Hope that helps.

Thanks,

Varun


I'm very happy that the problem is going to be solved without cost.

I've just gone to the link you gave me (https://tools.cisco.com/SWIFT/LicensingUI/Home?FormId=139), and when I filled in all the required information and clicked on "submit", I got an error:

Page Unavailable

The Webpage you requested is unavailable. Please revisit at a later time. We apologize for the temporary inconvenience.

I tried twice.

Should I try later, or is the link really broken?

Thank you for your response, Varun Rao.

After sending this error to 'licensing@cisco.com', i got my license.

Thank you Varun.

Hi,

The license that I received is exactly the same as the one that is already installed (and permanent) on my firewall.

And the 3DES is still disabled ;(

I contacted Cisco more than 10 times, and every time they sent me the same license.

Here is the license key sent to me every time:

The new license that was sent from Cisco:
 
Inside Hosts                    : 50        
 
Failover                        : Disabled  
 
Encryption-DES                  : Enabled   
 
Encryption-3DES-AES             : Enabled   
 
Security Contexts               : Default   
 
GTP/GPRS                        : Disabled  
 
AnyConnect Premium Peers        : Default   
 
Other VPN Peers                 : Default   
 
Advanced Endpoint Assessment    : Disabled  
 
AnyConnect for Mobile           : Disabled  
 
AnyConnect for Cisco VPN Phone  : Disabled  
 
Shared License                  : Disabled  
 
UC Phone Proxy Sessions         : Default   
 
Total UC Proxy Sessions         : Default   
 
AnyConnect Essentials           : Disabled  
 
Botnet Traffic Filter           : Disabled  
 
Intercompany Media Engine       : Disabled  
 
 
 
Platform = asa
 
 
 

JMX152040DW:      5321ec6e 102e534b fc21e96c 841c8ca8 ce1727aa

And here is the show activation-key output:

Running Permanent Activation Key: 0x5321ec6e 0x102e534b 0xfc21e96c
0x841c8ca8 0xce1727aa 
 
 
 
 
Licensed features for this platform:
 
Maximum Physical Interfaces    : 8              perpetual
 
VLANs                          : 3              DMZ Restricted
 
Dual ISPs                      : Disabled       perpetual
 
VLAN Trunk Ports               : 0              perpetual
 
Inside Hosts                   : 50             perpetual
 
Failover                       : Disabled       perpetual
 
VPN-DES                        : Enabled        perpetual
 
VPN-3DES-AES                   : Disabled       perpetual
 
SSL VPN Peers                  : 2              perpetual
 
Total VPN Peers                : 10             perpetual
 
Shared License                 : Disabled       perpetual
 
AnyConnect for Mobile          : Disabled       perpetual
 
AnyConnect for Cisco VPN Phone : Disabled       perpetual
 
AnyConnect Essentials          : Disabled       perpetual
 
Advanced Endpoint Assessment   : Disabled       perpetual
 
Botnet Traffic Filter          : Disabled       perpetual
 
Intercompany Media Engine      : Disabled       perpetual
 
 
 
This platform has a Base license.
 
 
 
The flash permanent activation key is the SAME as the running permanent key.
 

I don't understand what's wrong.

I tried to reboot my ASA5505; nothing changed.

Can you help me, please?

Thank you.

I have exactly the same problem: they sent me an activation key that is the same as the one installed, and 3DES is not activated.

Did you ever figure out how to get 3DES-AES enabled on your ASA? I'm having the exact same problem.

You can go to cisco.com/go/license and obtain a 3DES/AES license activation key for your ASA serial number.

Thank you for your reply Rahul. I did that and they sent me the key that was already installed. When I run show activation-key, it shows VPN-3DES-AES Disabled. I emailed Cisco support and they say it is Enabled. I replied showing them that it is disabled and asked how to enable it and was told:

Please use the keys sent previously, see below:

And it shows the same key that is already installed. Is there a way to enable features that the license allows?

Do you have the email they sent you with the new license-key? Can you paste the relevant contents here? Does it show 3DES/AES enabled in that?

DO NOT DISCARD THIS EMAIL.

You have received this email because your email address was provided to Cisco Systems during the registration process for a Cisco PIX Firewall Activation key.  Please read this email carefully and forward it with any attachments to the proper system administrator if you are not the correct person.

ASA5500-ENCR-K9
Warning, our records indicate that the Cisco ASA Firewall hardware serial number that you submitted during registration has previously been licensed for a higher feature set. The message above indicates the feature that has been downgraded for your ASA hardware serial number. This message is provided as a courtesy to you. If there is no mistake, you can proceed with the installation as usual. Before installing the key below, please double check that you have requested a key for the correct Cisco ASA Firewall. If you have made a mistake, please follow the instructions below for assistance.

Below, you will find the Activation Key for your Cisco PIX Firewall.

SR#                        : 

Inside Hosts                             : Unlimited 
Failover                                 : Disabled  
Encryption-DES                           : Enabled   
Encryption-3DES-AES                      : Enabled   
Security Contexts                        : Default   
GTP/GPRS                                 : Disabled  
AnyConnect Premium Peers                 : Default   
Other VPN Peers                          : Default   
Advanced Endpoint Assessment             : Disabled  
AnyConnect for Mobile                    : Disabled  
AnyConnect for Cisco VPN Phone           : Disabled  
Shared AnyConnect Premium License server : Disabled  
Shared License                           : Disabled  
UC Phone Proxy Sessions                  : Default   
Total UC Proxy Sessions                  : Default   
AnyConnect Essentials                    : Disabled  
Botnet Traffic Filter                    : Disabled  
Intercompany Media Engine                : Disabled  
Cluster License                          : Disabled  
vCPUs                                    : 0         

Platform = asa

JMX2015Z1BR:	

Installing Your PIX Firewall Activation Key

Note:  On systems running PIX OS 6.2 and higher, you may enter the new activation key via the activation-key command.  A reboot will be necessary to have the change take effect.  On systems running PIX OS 6.1 and earlier, a software image must be downloaded to the PIX Firewall in monitor mode in order to enter the new activation key.

Step 1.  Back up your PIX Firewall configuration.  Use the tftp-server command with the "write net" command to store your configuration on a TFTP server.  Or, use the "write terminal" command to list your configuration and then cut and paste it into a text editing application on your console.

Step 2.  Follow the directions applicable to your version and PIX Firewall model number for installing  a new software and entering a new activation key.  Refer to the PIX Firewall documentation at the following site:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm

Step 3.  If prompted to "install a new image," enter y.

Step 4.  When prompted to "enter new key," enter y.

Step 5.  When prompted, enter each of the four key values (Do not enter spaces in the key value).

Step 6.  Use the "show version" command to view the new features enabled by the key.

Activation of DES and 3DES/AES features require PIX Firewall software v5.0 or later.
Software License Agreement

What hardware and software version are you using? The license seems right. I would recommend opening a case with TAC to see what's wrong if this license does not apply correctly.

I copied the ASA image and ASDM version from the ASA that I am going to and 3DES-AES is now enabled. Thank you for your help.

Hi,

The first thing I did was to upgrade the ASA, and then get the free license from:

https://tools.cisco.com/SWIFT/LicensingUI/Home?FormId=139

That's all.

If you could not get the images for the upgrade, tell me; perhaps I can bring them to you.

Regards.

Indeed, Houari - your original post showed you had:

System image file is "disk0:/asa832-npe-k8.bin"

That image with "npe" means "no payload encryption". Only when you upgraded / replaced it with an image that supports the encryption could you apply the 3DES-AES license.
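The check described in the reply above, scripted as an added example (not part of the thread and not Cisco code): it parses `show version` text, reads the image file name and the `VPN-3DES-AES` license line, and reports whether an "npe" image or a missing key explains why strong encryption is disabled. The function names and result labels are hypothetical, and the sample input is constructed from the output quoted in the original post.

```python
import re

# Constructed sample: an excerpt of the `show version` output quoted in the thread.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.3(2)
System image file is "disk0:/asa832-npe-k8.bin"
Licensed features for this platform:
Inside Hosts                   : 50             perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Disabled       perpetual
Total VPN Peers                : 10             perpetual
This platform has a Base license.
"""

IMAGE_RE = re.compile(r'^System image file is "([^"]+)"', re.M)

def parse_show_version(text):
    """Return (image_path, {feature: first value field}) from `show version` text."""
    match = IMAGE_RE.search(text)
    features, in_features = {}, False
    for line in text.splitlines():
        if line.startswith("Licensed features for this platform"):
            in_features = True
        elif line.startswith("This platform has"):
            in_features = False
        elif in_features and ":" in line:
            name, rest = line.split(":", 1)
            fields = rest.split()
            if fields:
                features[name.strip()] = fields[0]
    return (match.group(1) if match else None), features

def diagnose(text):
    """Classify why strong VPN encryption is unavailable (labels are hypothetical)."""
    image, features = parse_show_version(text)
    filename = (image or "").rsplit("/", 1)[-1].lower()
    # Per the thread, "npe" in the image name means "no payload encryption".
    is_npe = "npe" in re.split(r"[-.]", filename)
    state = features.get("VPN-3DES-AES")
    if state == "Enabled":
        return "ok"
    if is_npe:
        return "npe-image"        # replace the image first; the key alone will not help
    if state == "Disabled":
        return "license-missing"  # request and install the 3DES/AES activation key
    return "unknown"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The NPE test runs before the license test because, as the thread shows, an NPE image keeps reporting `VPN-3DES-AES : Disabled` even when the installed key is the correct one.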
