Solved

Command "crypto ipsec transform-set-   " can not be typed into

Posted on 2014-04-16
7
509 Views
Last Modified: 2014-04-22
Hi, I am configuring ASA 5520. but when I typed "crypto ipsec transform-set ccie esp-3des " it cannot be typed. Please see below. Any one can give me some suggestion ? Thank you
 
 aa
0
Comment
Question by:EESky
7 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 40006046
Do you have a 3DES licence on the firewall?

'Show verison'

If not they are free!!

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40006048
or if its a shiny newer firewall try

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40006406
Hit tab a few times after each parameter, make sure it's capable, and like the others have said, make sure you have a license for 3DES.
-rich
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:EESky
ID: 40008040
Thank you so much for your fast reply. I think you are right. The following is show version info:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 51 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0
 1: Ext: GigabitEthernet1    : address is 00ab.cd92.5201, irq 0
 2: Ext: GigabitEthernet2    : address is 0000.ab2b.9802, irq 0
 3: Ext: GigabitEthernet3    : address is 0000.ab89.fe03, irq 0
 4: Ext: GigabitEthernet4    : address is 0000.ab68.2f04, irq 0
 5: Ext: GigabitEthernet5    : address is 0000.ab23.d705, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration has not been modified since last system restart.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 250 total points
ID: 40008765
Since you are running this ASA in GNS3, there are a couple relatively well-known activation keys you can use. These keys can be found via google searching.

The activation key to apply is:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

or

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
0
 

Author Comment

by:EESky
ID: 40009957
Thank you so much. I got it.
BTW, I am curious about the real device. The key can be used on the real asa ? I know the answer should be no, but how is Cisco do that ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40014727
>> The key can be used on the real asa

No - the activation key is the mathematical result of the licence and the serial number of the chassis.

The reason why these keys work in GNS3 is because we know the chassis number of the virtual ASA is 123456789AB

Who worked out that activation key? I do not know, but someone did, and that someone could apply the same mathematical process to a real ASA serial number I suppose.

The GNS3 activation keys are quite well known I have one on my own site here.

P
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now