
I'm trying to set up a VPN and am struggling a little. I've googled some of the lines in the log and someone suggested that to use AES encryption I have to purchase a license from Cisco. Can anyone confirm if this is the case?

James

2 Answers

3DES/AES is part of the base license and is freely available.

The reason you don't have it usable on your device is probably that the license was erased at some point, and the license that it reverts to using when no activation key is present doesn't include this feature (due to our antiquated export restrictions on strong cryptography).

You'll need a Cisco login, but no support contract is required. Go here, scroll down to the "ASA 3DES/AES License" link (direct form link here, but I don't know how long this link's shelf life will be), and enter your info - the activation key will be emailed to you almost immediately.

Shane Madden

Log in to the ASA and do:

show activation-key

This will show you the features you currently have licensed. VPN-3DES-AES is what you are looking for. You should have it unless you specifically asked for an ASA without it, or you bricked your ASA and recovered it, losing the license details.

You can request an upgrade to 3DES for free as Shane said, but if you bricked your ASA and recovered, you probably want to contact Cisco or your reseller to get the license key back in case you lost some other features too.

dunxd
  • People who value the confidentiality of their data would never use DES – Jason Berg Jul 29 '11 at 15:54
  • Fair point. And I noticed that 3DES is available in the base install. My guess is that you have to specifically request an ASA *without* 3DES not to get it. – dunxd Jul 29 '11 at 16:16
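
The check described in the second answer, as an added example that is not part of either answer or of any Cisco tooling: it parses saved `show activation-key` output, reports whether VPN-3DES-AES is enabled, and lists features that differ from a capture taken before a recovery. The two captures are constructed samples, the "Feature : Value duration" column layout is an assumption about the output format, and the function names are hypothetical.

```python
import re

# Constructed captures; the "Feature : Value  duration" layout is an assumption.
BASELINE = """\
Licensed features for this platform:
Maximum VLANs                     : 150            perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
"""
AFTER_RECOVERY = """\
Licensed features for this platform:
Maximum VLANs                     : 50             perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 0              perpetual
"""
ROW = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>\S+)")

def parse_features(text):
    """Return {feature: value} for rows below the 'Licensed features' header."""
    features, in_table = {}, False
    for line in text.splitlines():
        if line.lower().startswith("licensed features"):
            in_table = True   # skip serial number / key lines above the table
            continue
        m = ROW.match(line) if in_table else None
        if m:
            features[m.group("name")] = m.group("value")
    return features

def strong_crypto_enabled(features):
    """True only if VPN-3DES-AES is present and Enabled (missing means no)."""
    return features.get("VPN-3DES-AES", "").lower() == "enabled"

def lost_or_changed(before, after):
    """Map feature -> (baseline value, current value or None) where they differ."""
    return {n: (v, after.get(n)) for n, v in before.items() if after.get(n) != v}

if __name__ == "__main__":
    old, new = parse_features(BASELINE), parse_features(AFTER_RECOVERY)
    print("3DES/AES licensed:", strong_crypto_enabled(new))
    for name, (was, now) in lost_or_changed(old, new).items():
        print(f"{name}: {was} -> {now}")
```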