Enabling VPN-3Des-AES

Hello!
I need to enable VPN-3DES-AES on an ASA5540.  Show version provided this info below. 
Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 200
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 5000
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2
This platform has an ASA 5540 VPN Premium license.
After doing some poking around I came across a link to request a free license but when the email came it warned that the requested license was lower than one currently assigned to the serial number provided.  I do not have any of the old license information since this was set up years ago and was way before my time with the company.  Can anyone point me in the right direction on how to enable the feature as well as maintaining my vpn premium license features. 
Thanks,
Andrew

Below is info from the email with the key.  It keeps referring to PIX OX6.1.  The ASA is running ASA 8.0(4).  Is this going to be a problem or are the pix references just there because this key has been needed to activate the strong encryption since the pix days?  Also is the process going to be the same for an asa?  Will I still need a reboot?  Thanks for all the help!
Platform = asa
Installing Your PIX Firewall Activation Key
Note:  On systems running PIX OS 6.2 and higher, you may enter the new activation key via the activation-key command.  A reboot will be necessary to have the change take effect.  On systems running PIX OS 6.1 and earlier, a software image must be downloaded to the PIX Firewall in monitor mode in order to enter the new activation key.
Step 1.  Back up your PIX Firewall configuration.  Use the tftp-server command with the "write net" command to store your configuration on a TFTP server.  Or, use the "write terminal" command to list your configuration and then cut and paste it into a text editing application on your console.
Step 2.  Follow the directions applicable to your version and PIX Firewall model number for installing  a new software and entering a new activation key.  Refer to the PIX Firewall documentation at the following site:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm
Step 3.  If prompted to "install a new image," enter y.
Step 4.  When prompted to "enter new key," enter y.
Step 5.  When prompted, enter each of the four key values (Do not enter spaces in the key value).
Step 6.  Use the "show version" command to view the new features enabled by the key.

Similar Messages

  • VPN-3DES-AES: Disabled feature

    Hello all,
    I have an ASA that I will like to enable the VPN-3DES-AES license. Unfortunately, we have been using this device for the past few years and the supplier did not supply us with the SKU PAK (white sheet that comes with the box). Is there a way that I can enable this feature?
    Thanks alot.
    Licensed features for this platform:
    Maximum Physical Interfaces  : Unlimited
    Maximum VLANs                : 100
    Inside Hosts                 : Unlimited
    Failover                     : Active/Active
    VPN-DES                      : Enabled
    VPN-3DES-AES                 : Disabled

    You get the license free of charge on www.cisco.com/go/license.
    Under "Get new" you choose ASA, provide your serial# and contact, and some minutes later you have the license in your inbox.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Getting a VPN-3DES-AES Key for PIX515E

    Hi all.
    I have a PIX 515E UR which I would like to activate the VPN-3DES-AES license. I did find a link to register the license, but after following the link and logging into my old CCO account i found that as I didn't have access to anything, so couldn't complete the procedure.
    Is there any way that I can get the license activated? I bought the unit from a Cisco partner quite some time ago, but never needed the 3DES license. Now I do. Can anyone suggest anything or help in any way please?
    Thanks

    Hi,
    You should be able to get it from the Cisco site.
    www.cisco.com/go/license
    Which might open
    https://tools.cisco.com/SWIFT/LicensingUI/Home
    From where you click the button for "Continue to Product License Registration"
    From the opening page "Get New"(dropdown menu) -> "IPS, Crypto, Other Licenses"
    From there "Security Products" -> "Cisco PIX Security Appliance 3DES/AES License"
    And there you should be able to fill in the required information.
    It has changed from the last time I did it so I am not sure if theres anything more to it. But I have had no problem getting this for old PIX firewalls previously
    - Jouni

  • After made upgrade license i lost 3DES-AES

    Hey men,
    so i have 2 ASA 5510, and i applied a Security Plus License in one, but after this my license VPN-3DES-AES goes to Disabled.
    Anyone knows something as i can do to change to enable? Because in Base License i had this option after apply plus no more.
    Thanks,

    Hi Raj,
    Please see the link below :
    https://supportforums.cisco.com/document/67701/asa-versions-image-names-and-licensing
    and visit section FREE 3DES/AES license. Go to the that link, follow the steps and get the activation key. Once you have the new activation key, put it in ASA and it should be enabled.
    {config)# activation-key xxxx xxxx xxxx xxxxx
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • 3DES/AES licence for ASA5520

    Hi everybody,
    I have an ASA 5520 K8 with a smartnet contract, how can I proceed to get K9 software so that I will be able to use 3DES/AES encryption key.
    Thanks a lot in advandce

    As long as you are not in a proscribed country, you can just go to this page:
    https://tools.cisco.com/SWIFT/LicensingUI/ipsCryptoPage
    ...and provide your product serial number. You will be sent an activation code that will have instructions for activation included.

  • How can I enable VPN passtrough with 881-K9 Security Router?

    Hi Space!
    I need help,  because I really cannot find the error in my configuration.
    What I want to do is, to enable simple VPN passtrough with a 881 K9 Security Router.
    So all VPN traffice travells directly from the internet trough the router (I don't need any inspection or else of this traffic) to a Windows Server behind (and back to the client of course).
    [ Internet -> Cisco 889 router -> Windows Server ]
    Enclosed you will find my configuration.
    The VPN connection cannot be established and the clients are getting connection error 800 most of the time.
    Thanks for any hint!
    Kind regards,
    Chris

    ActiveX is proprietary to IE and Firefox has never supported ActiveX.

  • Cisco VPN client and License

    Hello,
    We have a Cisco ASA 5520 with the VPN PLus License and 8.04 IOS installed, we want to set up vpn access to our users. We can use the cisco VPN client which works on WIndows Platform, but we also have MAC OS 10.7 which works only with Cisco Anyconnect.
    I am a little bit lost with all the client and the license, actually we can't setup more than 2 vpn session with an Anyconnect client installed on MAC or Windows. The authentication is by Certificate, the first two connect fine, but the third one don't connect and prompt for a username / password.
    I joined a SH VER of my ASA, if anyome can tell me what is wrong on the license or perhaps it's a configuration problem?
    Thanks a lot for the answer.
    Mathieu.
    fw-eps-02# sh ver
    Cisco Adaptive Security Appliance Software Version 8.0(4)
    Device Manager Version 6.4(1)
    Compiled on Thu 07-Aug-08 20:53 by builders
    System image file is "disk0:/asa804-k8.bin"
    Config file at boot was "startup-config"
    fw-eps-02 up 1 hour 36 mins
    Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
    Internal ATA Compact Flash, 256MB
    BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
    0: Ext: GigabitEthernet0/0  : address is c84c.75da.9a58, irq 9
    1: Ext: GigabitEthernet0/1  : address is c84c.75da.9a59, irq 9
    2: Ext: GigabitEthernet0/2  : address is c84c.75da.9a5a, irq 9
    3: Ext: GigabitEthernet0/3  : address is c84c.75da.9a5b, irq 9
    4: Ext: Management0/0       : address is c84c.75da.9a5c, irq 11
    5: Int: Not used            : irq 11
    6: Int: Not used            : irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces  : Unlimited
    Maximum VLANs                : 150
    Inside Hosts                 : Unlimited
    Failover                     : Active/Active
    VPN-DES                      : Enabled
    VPN-3DES-AES                 : Enabled
    Security Contexts            : 2
    GTP/GPRS                     : Disabled
    VPN Peers                    : 750
    WebVPN Peers                 : 2
    AnyConnect for Mobile        : Disabled
    AnyConnect for Linksys phone : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Proxy Sessions            : 2
    This platform has an ASA 5520 VPN Plus license.
    Serial Number: JMX1433L0Y3
    Running Activation Key: 0x3a17c153 0x8c141630 0xe0f3b5d4 0x86044ccc 0x47193392
    Configuration register is 0x40 (will be 0x1 at next reload)
    Configuration last modified by mgeffroy at 15:33:11.409 CEST Mon Jan 23 2012
    fw-eps-02#

    why don't you use built-in client in mac osx? it supports certificate authentication also.
    another solution would be to buy additional ssl vpn licences: there is a limit of two ssl vpn sessions by default.
    Sent from Cisco Technical Support iPad App

  • ASA 5505 SSL VPN LOG failed

    %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3293 for TLSv1 session.
    %ASA-6-725003: SSL client outside:58.211.122.212/3293 request to resume previous session.
    %ASA-6-725002: Device completed SSL handshake with client outside:58.211.122.212/3293
    %ASA-6-113012: AAA user authentication Successful : local database : user = admin
    %ASA-6-113009: AAA retrieved default group policy (SSLCLientPolicy) for user = admin
    %ASA-6-113008: AAA transaction status ACCEPT : user = admin
    %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.grouppolicy = SSLCLientPolicy
    %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.username = admin
    %ASA-7-734003: DAP: User admin, Addr 58.211.122.212: Session Attribute aaa.cisco.tunnelgroup = SSLClientProfile
    %ASA-6-734001: DAP: User admin, Addr 58.211.122.212, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
    %ASA-4-716023: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> Session could not be established: session limit of 2 reached.
    %ASA-4-716007: Group <SSLCLientPolicy> User <admin> IP <58.211.122.212> WebVPN Unable to create session.
    %ASA-6-302013: Built inbound TCP connection 137616 for outside:58.211.122.212/3294 (58.211.122.212/3294) to identity:61.155.55.66/443 (61.155.55.66/443)
    %ASA-6-302013: Built inbound TCP connection 137617 for outside:58.211.122.212/3295 (58.211.122.212/3295) to identity:61.155.55.66/443 (61.155.55.66/443)
    %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3294 for TLSv1 session.
    %ASA-6-725003: SSL client outside:58.211.122.212/3294 request to resume previous session.
    %ASA-6-725001: Starting SSL handshake with client outside:58.211.122.212/3295 for TLSv1 session.
    %ASA-6-725003: SSL client outside:58.211.122.212/3295 request to resume previous session.
    Red error what is the reason? Only appears in the window 2003 server.

    ciscoasa# show   activation-key 
    Serial Number:  JMX1314Z1UV
    Running Activation Key: 0x9625fa6a 0x68e90200 0x38c3adac 0xaa0448d0 0x4b3815b6
    Licensed features for this platform:
    Maximum Physical Interfaces    : 8        
    VLANs                          : 3, DMZ Restricted
    Inside Hosts                   : 10       
    Failover                       : Disabled
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 10       
    Dual ISPs                      : Disabled 
    VLAN Trunk Ports               : 0        
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled 
    This platform has a Base license.
    The flash activation key is the SAME as the running key.
    ciscoasa#
    Sure ?it was licence question?

  • IP Phone SSL VPN - Licenses required.

    Hi,
    Can someone confirm the linceses required for me to get this working. I understand that it needs the 'AnyConnect for Cisco VPN Phone' license but do I also need to have anyconnec essentials? This is for ASA version 8.2 and the a license info below is for the ASA i intend to delpoy this on.
    Thanks
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 250
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled
    VPN-3DES-AES                   : Enabled
    Security Contexts              : 2
    GTP/GPRS                       : Disabled
    SSL VPN Peers                  : 2
    Total VPN Peers                : 5000
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials          : Disabled
    Advanced Endpoint Assessment   : Disabled
    UC Phone Proxy Sessions        : 2
    Total UC Proxy Sessions        : 2
    Botnet Traffic Filter          : Disabled
    This platform has an ASA 5550 VPN Premium license.

    Hi,
    You would need Anyconnect Premium license along with Cisco Ip phone feature enabled on ASA for Cisco IP phone to use anyconnect vpn feature.
    You can find more details from following link:
    http://www.cisco.com/en/US/products/ps12726/products_qanda_item09186a0080bf292f.shtml
    Regards,
    Varinder
    P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users

  • PIX 525 UR With 1 4-Port FE, 1 VPN Accel Card

    Good day;
    I have a PIX 525 Unrestricted with failover.
    802.bin IOS
    There is 1 4-port FE and a VPN Accelerator card installed in each unit.
    I tried to install a second 4-port FE in both prime and secondary units and the following is the result.
    Once I power up both units the second 4-port FE mimics the first one. Although there are no physical connections to the second 4-port FE's, the port lights on the second FE's light up as the ones on the first 4-port FE.
    Example:
    1st 4-port FE
    Fa0/2 - physical connection - Light on
    Fa0/3 - no physical connection - Light off
    Fa0/4 - physical connection - Light on
    Fa0/5 - no physical connection - Light off
    2nd 4-port FE
    Fa0/6 - no physical connection - Light on
    Fa0/7 - no physical connection - Light off
    Fa0/8 - no physical connection - Light on
    Fa0/9 - no physical connection - Light off
    Also, when the second card is installed the first card will not function and this sets both PIX's as active.
    I'm somewhat baffled.

    Hi;
    Here's the show version.
    As you will see, it allows for 10 physical interfaces.
    I'm scratching my head over this one.
    Cisco PIX Security Appliance Software Version 8.0(2)
    Device Manager Version 6.0(2)
    Compiled on Fri 15-Jun-07 18:25 by builders
    System image file is "flash:/pix802.bin"
    Config file at boot was "startup-config"
    MHCPPIX1 up 27 days 22 hours
    failover cluster up 93 days 1 hour
    Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
    Flash E28F128J3 @ 0xfff00000, 16MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB
    Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
    0: Ext: Ethernet0 : address is 0011.924b.dd31, irq 10
    1: Ext: Ethernet1 : address is 0011.924b.dd32, irq 11
    2: Ext: Ethernet2 : address is 000d.88ee.5d70, irq 11
    3: Ext: Ethernet3 : address is 000d.88ee.5d71, irq 10
    4: Ext: Ethernet4 : address is 000d.88ee.5d72, irq 9
    5: Ext: Ethernet5 : address is 000d.88ee.5d73, irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces : 10
    Maximum VLANs : 100
    Inside Hosts : Unlimited
    Failover : Active/Active
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    Cut-through Proxy : Enabled
    Guards : Enabled
    URL Filtering : Enabled
    Security Contexts : 2
    GTP/GPRS : Disabled
    VPN Peers : Unlimited
    This platform has an Unrestricted (UR) license.

  • AnyConnect for Cisco VPN Phone demo license

    I want to test VPN Phone in the ASA5520,but "show ver" find the "AnyConnect for Cisco VPN Phone : Disabled", www.cisco.com/go/license i didn't find register AnyConnect for Cisco VPN Phone demo license, how to apply for the demo license??
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled
    VPN-3DES-AES                   : Enabled
    Security Contexts              : 2
    GTP/GPRS                       : Disabled
    SSL VPN Peers                  : 2
    Total VPN Peers                : 750
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled
    AnyConnect for Cisco VPN Phone : Disabled
    AnyConnect Essentials          : Disabled
    Advanced Endpoint Assessment   : Disabled
    UC Phone Proxy Sessions        : 2
    Total UC Proxy Sessions        : 2
    Botnet Traffic Filter          : Disabled
    This platform has an ASA 5520 VPN Plus license.

    Hi there,
    Did you try
    https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=717
    Cheers!
    Rob
    "Why not help one another on the way" - Bob Marley

  • Certificate authentication for Cisco VPN client

    I am trying to configure the cisco VPN client for certificate authentication on my ASA 5512-X. I have it setup currently for group authentication with shared pass. This works fine. But in order for you to pass pci compliance you cannot allow aggresive mode for ikev1. the only way to disable aggresive mode (and use main mode) is to use certificate authentication for the vpn client. I know that some one out there must being doing this already. I am goign round and round with this. I am missing some thing.
    I have tried as I might and all I can get are some cryptic error messages from the client and nothing on the firewall. IE failed to genterate signature, invalid remote signature id. I have tried using different signatures (one built on ASA and bought from Godaddy, and one built from Windows CA, and one self signed).
    Can some one provide the instructions on seting this up (asdm or cli). Can this even be done? I would love to just use the AnyConnect client but I believe you need licensing for that since our system states only 2 allowed. Thank you for your help.                    

    Dear Doug ,
              What is asa code your are running on ASA hardware , for cisco anyconnect you need have Code 8.0 on your hardware with cisco anyconnect essential license enabled .Paste your me show version i will help you whether you need to procure license for your hardware . By default your hardware will be shipped with any connect essential license when you have order your hardware with asa code above 8.0 .
    With Any connect essential you are allowed to use upto total VPN peers allowed based on your hardware
    1)  What is the AnyConnect Essentials License?
    The Anyconnect Essentials is a license that allows you to connect up to your 'Total VPN Peers"  platform limit with AnyConnect.  Without an AnyConnect Essentials license, you are limited to the 'SSLVPN Peers' limit on your device.  With the Anyconnect Essentials License, you can only use Anyconnect for SSL - other features such as CSD (Cisco Secure Desktop) and using the SSLVPN portal page for anything other than launching AnyConnect are restricted.
    You can see your limits for the various licensing by issuing the 'show version' command on your ASA.
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Licensed features for this platform:
    Maximum Physical Interfaces    : Unlimited
    Maximum VLANs                  : 150      
    Inside Hosts                   : Unlimited
    Failover                       : Active/Active
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    Security Contexts              : 2        
    GTP/GPRS                       : Disabled 
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 750      
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          :  Enabled
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled
    Any connect VPN Configuration .
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

  • PIX 501 and Linksys VPN Router (WRV200)

    I have inherited a job where we have a Cisco PIX 501 firewall at one site, and Linksys WRV200 VPN Router on two other
    sites. I have been asked to connect these Linksys routers to the PIX firewall via VPN.
    I believe the Linksys vpn routers can only connect via IPSec VPN, so i am looking for help on configuring the PIX 501 to allow the linksys to connect with the following parameters, if possible.
    Key Exchange Method: Auto (IKE)
    Encryption: Auto, 3DES, AES128, AES192, AES256
    Authentication: MD5
    Pre-Shared Key: xxx
    PFS: Enabled/Disabled
    ISAKMP Key Lifetime: 28800
    IPSec Key Lifetime: 3600
    On the PIX i have the PDM installed and i have tried using the VPN Wizard to no avail.
    I chose the following settings when doing the VPN Wizard:
    Type of VPN: Remote Access VPN
    Interface: Outside
    Type of VPN Client Device used: Cisco VPN Client
    (can choose Cisco VPN 3000 Client, MS Windows Client using PPTP, MS Windows client using L2TP)
    VPN Client Group
    Group Name: RabyEstates
    Pre Shared Key: rabytest
    Extended Client Authentication: Disabled
    Address Pool
    Pool Name: VPN-LAN
    Range Start: 192.168.2.200
    Range End: 192.168.2.250
    DNS/WINS/Default Domain: None
    IKE Policy
    Encryption: 3DES
    Authentication: MD5
    DH Group: Group 2 (1024-bit)
    Transform Set
    Encryption: 3DES
    Authentication: MD5
    I have attached the VPN log from the Linksys VPN Router.
    This is the first time i've ever worked with PIX so i'm still trying to figure the thing out, but i'm confident with CCNA level networking.
    Thanks for your help!

    Hi again,
    I believe the pix has a 3des license because of the following parts of the "show version"
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    This PIX has a Restricted (R) license.
    I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
    As for the other show commands they give:
    pixfirewall# show crypto isakmp sa
    Total : 0
    Embryonic : 0
    dst src state pending created
    pixfirewall# show crypto ipsec sa
    interface: outside
    Crypto map tag: transam, local addr. 10.0.0.1
    local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
    current_peer: 10.0.0.2:0
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
    local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
    path mtu 1500, ipsec overhead 0, media mtu 1500
    current outbound spi: 0
    inbound esp sas:
    inbound ah sas:
    inbound pcp sas:
    outbound esp sas:
    outbound ah sas:
    outbound pcp sas:
    pixfirewall#
    Thanks again Daniel, i really appreciate your help on this matter.

  • First time vpn router

                       First time with a vpn router and need advice getting everything running with my current vpn provider.
    router: 887vag vdsl2/adsl2+ POTS with 3g.
    question: Do i need to flash the router with dd-wrt?
    Are there any step by step guides you can give for this
    thnx

    Hi again,
    I believe the pix has a 3des license because of the following parts of the "show version"
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    This PIX has a Restricted (R) license.
    I've tried reconnecting the VPN tunnel with debugging on the PIX and get the output as shown in the attached file "vpndebug.txt"
    As for the other show commands they give:
    pixfirewall# show crypto isakmp sa
    Total : 0
    Embryonic : 0
    dst src state pending created
    pixfirewall# show crypto ipsec sa
    interface: outside
    Crypto map tag: transam, local addr. 10.0.0.1
    local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
    current_peer: 10.0.0.2:0
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
    local crypto endpt.: 10.0.0.1, remote crypto endpt.: 10.0.0.2
    path mtu 1500, ipsec overhead 0, media mtu 1500
    current outbound spi: 0
    inbound esp sas:
    inbound ah sas:
    inbound pcp sas:
    outbound esp sas:
    outbound ah sas:
    outbound pcp sas:
    pixfirewall#
    Thanks again Daniel, i really appreciate your help on this matter.

  • Software license of ASA5510 to enable Failover

         I have two ASA5510. I want to make failover between the two firewalls. However, when I use the command "show version", the display shows that the Failover is disabled. Anyone can help me?
         Here is the output of "show version":
    Licensed features for this platform:
    Maximum Physical Interfaces         : Unlimited
    Maximum VLANs                          : 50       
    Inside Hosts                                  : Unlimited
    Failover                                         : Disabled
    VPN-DES                                     : Enabled  
    VPN-3DES-AES                            : Disabled 
    Security Contexts                          : 0        
    GTP/GPRS                                   : Disabled 
    SSL VPN Peers                             : 2        
    Total VPN Peers                            : 250      
    Shared License                              : Disabled
    AnyConnect for Mobile                    : Disabled 
    AnyConnect for Cisco VPN Phone  : Disabled 
    AnyConnect Essentials                  : Disabled 
    Advanced Endpoint Assessment     : Disabled 
    UC Phone Proxy Sessions             : 2        
    Total UC Proxy Sessions               : 2        
    Botnet Traffic Filter                         : Disabled 
    This platform has a Base license.

    Hello Liwei,
    Security Plus license is required on both units in order to enable failover,
    Check my blog at http:laguiadelnetworking.com for further information.
    Cheers,
    Julio Carvajal Segura

Maybe you are looking for

  • Xinit randomly doesn't start [solved]

    Recently I ran into a strange problem with xinit;  unfortunately there's not much I can say about it.  Basically, when I try to start X with xinit/startx, my laptop just hangs on a black screen.  I can't change ttys, magic Alt-SysRec keys don't work.

  • Transfering services on skype

    I have an international unlimited call feature that comes annually to renewal in April. I have been reading about SKYPE PREMIUM which seems to have features which include this unlimited call. How do I tell you that I want to stop my international cal

  • Forms server  6i

    Hi All, I need to configure oracle forms server 6i(web and client server). Can anybody refer me any good link on the same. I did a Google but nothing found useful. regards, .

  • Want to know about SAP course and SAP modules

      I am Sandeep, done BBM and have 3 years experience as Medical Representative(Pharma sales), and i'm perusing MBA in Sikkim Manipal University Distance Education, i came to know that SAP course has lot of scope in major industries, so that want to k

  • Insert XMLTYPE data into CLOB column

    Hi, I am trying to insert XMLTYPE datatype column value into the CLOB datatype column. I get an error - ORA - 00932: Inconsistent datatypes: expected CLOB got - How do I insert xml type data into clob? Thanks!