Solved

Command "crypto ipsec transform-set-   " can not be typed into

Posted on 2014-04-16
7
535 Views
Last Modified: 2014-04-22
Hi, I am configuring ASA 5520. but when I typed "crypto ipsec transform-set ccie esp-3des " it cannot be typed. Please see below. Any one can give me some suggestion ? Thank you
 
 aa
0
Comment
Question by:EESky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40006046
Do you have a 3DES licence on the firewall?

'Show verison'

If not they are free!!

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40006048
or if its a shiny newer firewall try

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40006406
Hit tab a few times after each parameter, make sure it's capable, and like the others have said, make sure you have a license for 3DES.
-rich
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:EESky
ID: 40008040
Thank you so much for your fast reply. I think you are right. The following is show version info:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 51 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0
 1: Ext: GigabitEthernet1    : address is 00ab.cd92.5201, irq 0
 2: Ext: GigabitEthernet2    : address is 0000.ab2b.9802, irq 0
 3: Ext: GigabitEthernet3    : address is 0000.ab89.fe03, irq 0
 4: Ext: GigabitEthernet4    : address is 0000.ab68.2f04, irq 0
 5: Ext: GigabitEthernet5    : address is 0000.ab23.d705, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration has not been modified since last system restart.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 40008765
Since you are running this ASA in GNS3, there are a couple relatively well-known activation keys you can use. These keys can be found via google searching.

The activation key to apply is:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

or

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
0
 

Author Comment

by:EESky
ID: 40009957
Thank you so much. I got it.
BTW, I am curious about the real device. The key can be used on the real asa ? I know the answer should be no, but how is Cisco do that ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40014727
>> The key can be used on the real asa

No - the activation key is the mathematical result of the licence and the serial number of the chassis.

The reason why these keys work in GNS3 is because we know the chassis number of the virtual ASA is 123456789AB

Who worked out that activation key? I do not know, but someone did, and that someone could apply the same mathematical process to a real ASA serial number I suppose.

The GNS3 activation keys are quite well known I have one on my own site here.

P
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question