09-02-2005 12:12 PM - edited 03-09-2019 12:19 PM
How do I change PIX to use 3DES instead of DES for SSH?
09-02-2005 12:25 PM
The PIX documentation (version 6.3 and version 7.0) does not show an option for specifying DES or 3DES connectivity. I believe that this can only be controlled from the client software.
09-04-2005 04:55 AM
Is the option comes with licsenced PIX?
09-04-2005 08:02 PM
firstly, do a "show version" to verify whether your pix has 3des enabled.
if so, then try re-generate the rsa key
ca zeroize rsa
ca generate rsa key
ca save all
09-04-2005 07:33 AM
Norman,
If I'm understanding your question correctly, you are asking for 3DES key for your PIX - correct? Does your PIX show only DES enabled if you issue sho ver on your PIX?
If the above is correct, you can obtain 3DES/AES Licence key from Cisco FREE of charge, go here and follow the instructons:
https://tools.cisco.com/SWIFT/Licensing/jsp/formGenerator/Pix3DesMsgDisplay.jsp
You'll need to login, which you can do with your netpro username and password and follow the instructions.
Hope this helps and if it does please rate post.
Thanks -
Jay
09-05-2005 10:28 PM
Dear all,
Following conversation may you all can help me with activation-key. since i copy paste activation key from imel to pix then reload it, flash getting hang like this :
Panic: - map_p2l_4k(400000, 400000) already mapped to ffffffff
anyone have experiencing this probs .
regards,
dendi--
09-06-2005 06:54 AM
My PIX currently doesn't have 3DES enabled. I'll test your suggestion and report back. Thanks.
VPN-DES: Enabled
VPN-3DES-AES: Disabled
09-08-2005 02:33 PM
I now have a new key from Cisco.
_New_
Maximum Interfaces: 6
Failover: Enabled
VPN-DES: Enabled
VPN-Triple DES: Enabled
Failover mode only license : No
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
This is slightly different from the old.
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
I guess Websense replaced URL-filtering? How about the Unlimited options? Do I need to worry about them?
09-09-2005 05:29 PM
They are the same.
09-11-2005 05:25 PM
What are the same , login ? no i don't thing so. You will have differrent secure login. try open 2 ssh using ssh id@host_ip, and other using old way. Please take a look as well on pix for ssh session.
regards
dendi
07-27-2015 02:12 AM
Thanks Jay.
For some reason your link didn't work or it may have expired. However it gave us the clue.
For others with similar issue, also check this link.
http://www.gomjabbar.com/2011/07/17/recovering-a-license-activation-key-for-the-cisco-asa/#sthash.rnrQkoCo.dpbs
MK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide