[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Command "crypto ipsec transform-set-   " can not be typed into

Posted on 2014-04-16
7
Medium Priority
?
551 Views
Last Modified: 2014-04-22
Hi, I am configuring ASA 5520. but when I typed "crypto ipsec transform-set ccie esp-3des " it cannot be typed. Please see below. Any one can give me some suggestion ? Thank you
 
 aa
0
Comment
Question by:EESky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 1000 total points
ID: 40006046
Do you have a 3DES licence on the firewall?

'Show verison'

If not they are free!!

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40006048
or if its a shiny newer firewall try

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40006406
Hit tab a few times after each parameter, make sure it's capable, and like the others have said, make sure you have a license for 3DES.
-rich
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:EESky
ID: 40008040
Thank you so much for your fast reply. I think you are right. The following is show version info:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 51 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0
 1: Ext: GigabitEthernet1    : address is 00ab.cd92.5201, irq 0
 2: Ext: GigabitEthernet2    : address is 0000.ab2b.9802, irq 0
 3: Ext: GigabitEthernet3    : address is 0000.ab89.fe03, irq 0
 4: Ext: GigabitEthernet4    : address is 0000.ab68.2f04, irq 0
 5: Ext: GigabitEthernet5    : address is 0000.ab23.d705, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration has not been modified since last system restart.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 1000 total points
ID: 40008765
Since you are running this ASA in GNS3, there are a couple relatively well-known activation keys you can use. These keys can be found via google searching.

The activation key to apply is:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

or

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
0
 

Author Comment

by:EESky
ID: 40009957
Thank you so much. I got it.
BTW, I am curious about the real device. The key can be used on the real asa ? I know the answer should be no, but how is Cisco do that ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40014727
>> The key can be used on the real asa

No - the activation key is the mathematical result of the licence and the serial number of the chassis.

The reason why these keys work in GNS3 is because we know the chassis number of the virtual ASA is 123456789AB

Who worked out that activation key? I do not know, but someone did, and that someone could apply the same mathematical process to a real ASA serial number I suppose.

The GNS3 activation keys are quite well known I have one on my own site here.

P
0

Featured Post

What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question