02-18-2020 03:49 AM - edited 02-18-2020 04:37 AM
I Have firepower2100 with smart licence activated. I would like use VPN remote access, my problem is Export-Controlled Features is disabled. I opened case in cisco team, they recommded me to use 3DES-AES license .. I have Two question :
1-i just have this "3DES-AES license" only in my virtual account(see screenshot below), but not in my FMC (see screenshot below), how i can import to my FMC for used them after ?
2-if i do De-register Firepower Management center from Cisco smart software Manager, there is a impact in my production system ?
Solved! Go to Solution.
02-27-2020 11:20 AM
You need to first contact your Cisco partner and request them to enable "export controlled features" for you smart licensing account.
02-18-2020 02:54 PM
As far as I know, the FTD does not require the strong encryption license, that is only for the ASA software.
You can deregister you FMC from smart licensing without any impact on production. Licensing is only done on the FMC and not on the FTDs themselves. The only issue is that while the FMC is not registered you will not be able to perform any changes until it is registered again.
02-19-2020 06:57 AM
I think it is necessary using strong encryption when you want to use Anyconnect VPN, that's mean have "Export-Controlled Features" firstly enabled.
Thanks for your reply. I wait.
02-20-2020 01:43 PM
You need to contact your Cisco representative if you want to enable the export-controlled functionality option.
If Export-Controlled Features shows Disabled and you want to use features that require strong encryption:
There are two ways to enable strong cryptographic features. Your organization may be eligible for one or the other (or neither), but not both.
If there is no option to enable export-controlled functionality when you generate a new Product Instance Registration Token in Cisco Smart Software Manager (CSSM):
Contact your account representative.
The Firepower Management Center allows you to use export-controlled features if your Smart Account is eligible for export-controlled functionality. When approved by Cisco, an export control license is added to your virtual account and you can use the export-controlled features. For more information, see Enabling the Export Control Feature (for Accounts Without Global Permission)
02-23-2020 06:09 AM
I contact them, they give me a equivalent of strong encryption like 3DES series Asa ....
I don't know how to use them !
02-23-2020 12:13 PM
Looks like you have been issued the wrong license.
L-F9K-ASA-ENCR-K9(=) (for the Cisco Firepower 9300), L-FPR4K-ENC-K9(=) (for Cisco Firepower 4100 Series models), L-FPR2K-ENC-K9(=) (for the Cisco Firepower 2100 Series models) or L-FPR1K-ENC-K9(=) (for Cisco Firepower 1000 Series models): This license provides for strong encryption (K9) on the platform
02-24-2020 12:56 AM
I can't open your URL link ... ==403 - Forbidden Page or Application !
i have this licence FPR2K-NWFL-K9(=) as licence in my smart acoount !
02-24-2020 01:30 AM
L-FPR2K-ENC-K9(=) is the license you need for strong encryption
02-25-2020 11:23 PM
Yes exactly, I have this license L-FPR2K-ENC-K9(=) in my virtual smart account, but not in my FMC?
How can I insert it in my FMC ?
02-27-2020 11:20 AM
You need to first contact your Cisco partner and request them to enable "export controlled features" for you smart licensing account.
03-01-2020 12:44 AM
Hi Marius !
Yeah exactly, i contact them, the rigth licence that i must to have in my Smart Account is FMC-ENC-K9.
Thank you for your support and repplies !
06-02-2020 01:33 PM
L-FPR2K-ENC-K9= is not use in FMC. The license is for the firewall to enable strong encryption. If the license comes up in you SMART account you should be able to download the license if you login credentials have the correct access rights.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: