• Status: Solved

Command "crypto ipsec transform-set" cannot be typed in

Hi, I am configuring an ASA 5520, but when I type "crypto ipsec transform-set ccie esp-3des" it cannot be typed. Please see below. Can anyone give me some suggestions? Thank you.
 
Asked by: EESky
 
Pete Long (Consultant) commented:
Do you have a 3DES licence on the firewall?

'show version'

If not they are free!!

Pete
0
 
Pete Long (Consultant) commented:
Or, if it's a shiny newer firewall, try

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
0
 
Rich Rumble (Security Samurai) commented:
Hit tab a few times after each parameter, make sure it's capable, and like the others have said, make sure you have a license for 3DES.
-rich
0
 
EESky (Author) commented:
Thank you so much for your fast reply. I think you are right. The following is show version info:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 51 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0
 1: Ext: GigabitEthernet1    : address is 00ab.cd92.5201, irq 0
 2: Ext: GigabitEthernet2    : address is 0000.ab2b.9802, irq 0
 3: Ext: GigabitEthernet3    : address is 0000.ab89.fe03, irq 0
 4: Ext: GigabitEthernet4    : address is 0000.ab68.2f04, irq 0
 5: Ext: GigabitEthernet5    : address is 0000.ab23.d705, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration has not been modified since last system restart.
0
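The license check discussed in this thread can be automated. The following is an added example, not code from any poster: it reads the "Licensed features" table of `show version` and reports which transforms in a `transform-set` command the license disables. The sample text is constructed, and the keyword-to-feature mapping in `CIPHER_FEATURE` is an assumption taken from the feature names in that table.

```python
import re

# Constructed excerpt, same layout as the "Licensed features" table in the post above.
SAMPLE_SHOW_VERSION = """\
 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0

Licensed features for this platform:
Maximum VLANs                     : 100            perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual

This platform has an ASA 5520 VPN Plus license.
"""

# Assumption: the licensed feature that gates each ESP encryption keyword.
CIPHER_FEATURE = {"esp-des": "VPN-DES", "esp-3des": "VPN-3DES-AES",
                  "esp-aes": "VPN-3DES-AES", "esp-aes-192": "VPN-3DES-AES",
                  "esp-aes-256": "VPN-3DES-AES"}
ROW = re.compile(r"^(?P<name>.+?)\s*:\s*(?P<value>\S+)")

def parse_licensed_features(show_version):
    """Return {feature: value}, reading only the licensed-features table."""
    features, in_table = {}, False
    for line in show_version.splitlines():
        if line.startswith("Licensed features"):
            in_table = True
            continue
        if in_table:
            if not line.strip():
                break  # a blank line ends the table
            m = ROW.match(line)
            if m:
                features[m["name"].strip()] = m["value"]
    return features

def blocked_transforms(command, features):
    """List (keyword, feature) pairs in a transform-set command that the license disables."""
    tokens = command.split()
    if "transform-set" not in tokens:
        raise ValueError("not a transform-set command")
    transforms = tokens[tokens.index("transform-set") + 2:]  # skip the set name
    # A feature row missing from the table is treated as disabled.
    return [(t, CIPHER_FEATURE[t.lower()]) for t in transforms
            if t.lower() in CIPHER_FEATURE
            and features.get(CIPHER_FEATURE[t.lower()], "Disabled") == "Disabled"]

if __name__ == "__main__":
    feats = parse_licensed_features(SAMPLE_SHOW_VERSION)
    print(blocked_transforms("crypto ipsec transform-set ccie esp-3des", feats))
```

Both the older syntax from the question and the `ikev1` form suggested above are handled, since the transforms are taken from the tokens after the set name.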
 
rauenpc commented:
Since you are running this ASA in GNS3, there are a couple relatively well-known activation keys you can use. These keys can be found via google searching.

The activation key to apply is:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

or

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
0
 
EESky (Author) commented:
Thank you so much. I got it.
BTW, I am curious about the real device. Can the key be used on a real ASA? I know the answer should be no, but how does Cisco do that?
0
 
Pete Long (Consultant) commented:
>> The key can be used on the real asa

No - the activation key is the mathematical result of the licence and the serial number of the chassis.

The reason why these keys work in GNS3 is because we know the chassis number of the virtual ASA is 123456789AB

Who worked out that activation key? I do not know, but someone did, and that someone could apply the same mathematical process to a real ASA serial number I suppose.

The GNS3 activation keys are quite well known; I have one on my own site here.

P
0
