Solved: Have Problem to enable Export-Controlled Features in Firepower2100

MedTiti92 · ‎02-18-2020

I Have firepower2100 with smart licence activated. I would like use VPN remote access, my problem is Export-Controlled Features is disabled. I opened case in cisco team, they recommded me to use 3DES-AES license .. I have Two question :

1-i just have this "3DES-AES license" only in my virtual account(see screenshot below), but not in my FMC (see screenshot below), how i can import to my FMC for used them after ? 3DES licences.png

2-if i do De-register Firepower Management center from Cisco smart software Manager, there is a impact in my production system ?

Marius Gunnerud · ‎02-27-2020

You need to first contact your Cisco partner and request them to enable "export controlled features" for you smart licensing account.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎02-18-2020

As far as I know, the FTD does not require the strong encryption license, that is only for the ASA software.

You can deregister you FMC from smart licensing without any impact on production. Licensing is only done on the FMC and not on the FTDs themselves. The only issue is that while the FMC is not registered you will not be able to perform any changes until it is registered again.

--
Please remember to select a correct answer and rate helpful posts

MedTiti92 · ‎02-19-2020

I think it is necessary using strong encryption when you want to use Anyconnect VPN, that's mean have "Export-Controlled Features" firstly enabled.

Thanks for your reply. I wait.

Marius Gunnerud · ‎02-20-2020

You need to contact your Cisco representative if you want to enable the export-controlled functionality option.

If Export-Controlled Features shows Disabled and you want to use features that require strong encryption:

There are two ways to enable strong cryptographic features. Your organization may be eligible for one or the other (or neither), but not both.

If there is no option to enable export-controlled functionality when you generate a new Product Instance Registration Token in Cisco Smart Software Manager (CSSM):

Contact your account representative.

The Firepower Management Center allows you to use export-controlled features if your Smart Account is eligible for export-controlled functionality. When approved by Cisco, an export control license is added to your virtual account and you can use the export-controlled features. For more information, see Enabling the Export Control Feature (for Accounts Without Global Permission)

reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/licensing_the_firepower_system.html#id_81552

--
Please remember to select a correct answer and rate helpful posts

MedTiti92 · ‎02-23-2020

I contact them, they give me a equivalent of strong encryption like 3DES series Asa ....

I don't know how to use them !

Marius Gunnerud · ‎02-23-2020

Looks like you have been issued the wrong license.

L-F9K-ASA-ENCR-K9(=) (for the Cisco Firepower 9300), L-FPR4K-ENC-K9(=) (for Cisco Firepower 4100 Series models), L-FPR2K-ENC-K9(=) (for the Cisco Firepower 2100 Series models) or L-FPR1K-ENC-K9(=) (for Cisco Firepower 1000 Series models): This license provides for strong encryption (K9) on the platform

reference: https://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/guide-c07-737902.html

--
Please remember to select a correct answer and rate helpful posts

MedTiti92 · ‎02-24-2020

I can't open your URL link ... ==403 - Forbidden Page or Application !

i have this licence FPR2K-NWFL-K9(=) as licence in my smart acoount !

Marius Gunnerud · ‎02-24-2020

L-FPR2K-ENC-K9(=) is the license you need for strong encryption

--
Please remember to select a correct answer and rate helpful posts

MedTiti92 · ‎02-25-2020

Yes exactly, I have this license L-FPR2K-ENC-K9(=) in my virtual smart account, but not in my FMC?

How can I insert it in my FMC ?

Marius Gunnerud · ‎02-27-2020

You need to first contact your Cisco partner and request them to enable "export controlled features" for you smart licensing account.

--
Please remember to select a correct answer and rate helpful posts

MedTiti92 · ‎03-01-2020

Hi Marius !

Yeah exactly, i contact them, the rigth licence that i must to have in my Smart Account is FMC-ENC-K9.

Thank you for your support and repplies !

techdata · ‎06-02-2020

L-FPR2K-ENC-K9= is not use in FMC. The license is for the firewall to enable strong encryption. If the license comes up in you SMART account you should be able to download the license if you login credentials have the correct access rights.