Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
1
Replies

VPN issue on ASA5505: An IKEv2 remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (ECDH group) without an AnyConnect Premium license.

Paul Preston
Level 1
Level 1

‎10-11-2013 07:32 AM - edited ‎02-21-2020 07:13 PM

After configuring the anyconnect vpn on asa 5505 with base license I have got following error message:

3Oct 11 201314:15:02




Local: Remote: Username:Unknown An IKEv2 remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (ECDH group) without an AnyConnect Premium license.


Under following link I found a reference to that message:          

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

"NGE requires an AnyConnect premium license for IKEv2 remote access connections using NSA Suite B algorithms. Suite B algorithm usage for other connections or purposes (such as PKI) has no limitations. License checks are performed for remote access connections. If you receive a message that you are attempting to use an NSA Suite B crypto algorithm without an AnyConnect premium license, you have the option to either install the premium license or reconfigure the crypto settings to an appropriate level."

From "show version" command I can that the platform is licensed for 2 anyconnect Premium Peers:

Licensed features for this platform:

Maximum Physical Interfaces       : 8              perpetual

VLANs                             : 3              DMZ Restricted

Dual ISPs                         : Disabled       perpetual

VLAN Trunk Ports                  : 0              perpetual

Inside Hosts                      : 10             perpetual

Failover                          : Disabled       perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 10             perpetual

Total VPN Peers                   : 12             perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

Cluster                           : Disabled       perpetual

I'm running ASA software version 9.1.2.

I have had a look at the ccw and there is no option of adding any additional premium licensing as far as I can tell.

Did anyone experience that issue?

Any help/suggestions are much appreciated.

Kind Regards,

--

Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel:  (+44) 0844 809 4335
Fax: (+44) 01732 468 574
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk       

-- Paul Preston Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479 Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL Tel: (+44) 0844 809 4335 Fax: (+44) 01732 468 574 Mob: (+44) 077 9509 3450 Web: www.proxar.co.uk Email
Labels:
0 Helpful
1 Reply 1

Patrick Moubarak
Level 4
Level 4

‎10-11-2013 12:57 PM

Hi Paul,

search for the following SKU: L-ASA-SSL

Patrick

0 Helpful
Customers Also Viewed These Support Documents