?
Solved

Command "crypto ipsec transform-set-   " can not be typed into

Posted on 2014-04-16
7
Medium Priority
?
545 Views
Last Modified: 2014-04-22
Hi, I am configuring ASA 5520. but when I typed "crypto ipsec transform-set ccie esp-3des " it cannot be typed. Please see below. Any one can give me some suggestion ? Thank you
 
 aa
0
Comment
Question by:EESky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 1000 total points
ID: 40006046
Do you have a 3DES licence on the firewall?

'Show verison'

If not they are free!!

Pete
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40006048
or if its a shiny newer firewall try

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40006406
Hit tab a few times after each parameter, make sure it's capable, and like the others have said, make sure you have a license for 3DES.
-rich
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:EESky
ID: 40008040
Thank you so much for your fast reply. I think you are right. The following is show version info:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 51 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 00ab.cd92.5200, irq 0
 1: Ext: GigabitEthernet1    : address is 00ab.cd92.5201, irq 0
 2: Ext: GigabitEthernet2    : address is 0000.ab2b.9802, irq 0
 3: Ext: GigabitEthernet3    : address is 0000.ab89.fe03, irq 0
 4: Ext: GigabitEthernet4    : address is 0000.ab68.2f04, irq 0
 5: Ext: GigabitEthernet5    : address is 0000.ab23.d705, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Disabled       perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 5000           perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration has not been modified since last system restart.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 1000 total points
ID: 40008765
Since you are running this ASA in GNS3, there are a couple relatively well-known activation keys you can use. These keys can be found via google searching.

The activation key to apply is:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5

or

activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6
0
 

Author Comment

by:EESky
ID: 40009957
Thank you so much. I got it.
BTW, I am curious about the real device. The key can be used on the real asa ? I know the answer should be no, but how is Cisco do that ?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40014727
>> The key can be used on the real asa

No - the activation key is the mathematical result of the licence and the serial number of the chassis.

The reason why these keys work in GNS3 is because we know the chassis number of the virtual ASA is 123456789AB

Who worked out that activation key? I do not know, but someone did, and that someone could apply the same mathematical process to a real ASA serial number I suppose.

The GNS3 activation keys are quite well known I have one on my own site here.

P
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question