Cisco ASA Documentation

From ITCwiki
Revision as of 20:27, 4 May 2020 by BenFranske (talk | contribs)
Jump to navigation Jump to search

Activating VPN-3DES-AES License on an ASA 5505

If your Cisco ASA 5505 gives you an error message stating "The 3DES/AES algorithms require a VPN-3DES-AES activation key." Follow these steps to activate the free 3DES-AES license.

  1. Run the show activation-key command on your ASA. Note that the Encryption-3DES-AES line is listed as "Disabled" also note the Serial Number which is included in the output
  2. Go to the Cisco Licensing page at https://tools.cisco.com/SWIFT/LicensingUI/Quickstart and login with your Cisco login
  3. Go to the "Devices" tab on the "Product License Registration" page at Cisco
  4. Click "Add Devices"
  5. Choose "ASA 5500 Series" for the "Product Family"
  6. Enter in the serial number for your ASA which you got from the "show activation-key" command and click "OK".
  7. Once the device shows up in your list of devices hover over the serial number and click the blue arrow to the right of the serial number and choose "Download License"
  8. Open the ZIP file which downloads and open the ASA3DES... ZIP file
  9. Open the ASA3DES...LIC file with notepad
  10. At the bottom of the file will be the serial number plus 5 groups of hexadecimal digits. You will need to add a "0x" on to the front of each group of hexadecimal digits.
  11. Enter the activation-key command on your ASA you will follow it with the five groups of hex digits from your license file like activation-key 0x8c07de7b 0x0c5cd0bc 0x30c27dac 0xba7c5870 0x840a7c9d (note this particular code is invalid and you need to generate one on the Cisco site specific to your serial number and press enter.
  12. You will probably receive a warning or notice
  13. Run the show activation-key command on your ASA. Note that the Encryption-3DES-AES line is now listed as "Enabled"