Easy VPN on ASA

Answered Question
Dec 3rd, 2009

Dear all,

I configured easy VPN on my ASA, but, when i type the following command, it gives  me this error as shown:

SA-Gate(config)# crypto ipsec transform-set myset esp-3des esp-md5-hmac
The 3DES/AES algorithms require a VPN-3DES-AES activation key.
ASA-Gate(config)# crypto dynamic-map dmap 100 set transform-set myset
ERROR: transform set with tag "myset" does not exist.

So, this issue concerning Licensed features on ASA and if so, what is all required to complete the easy VPN configuration.

N.B.: sh version of ASA is attached.

I have this problem too.
0 votes
Correct Answer by Pedro Ivo Santo... about 7 years 1 month ago

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Pedro Ivo Santo... Mon, 12/07/2009 - 10:21

Hi Ahmed,

Hope you are doing fine!

Actually your activation key (license) only allows you use DES encryption level (not 3DES or AES).

So when configuring the transform set. You have to set ecryption as DES:

"crypto ipsec transform-set myset esp-des esp-md5-hmac"


Otherwise, you ned a license upgrade to enable 3DES/AES. Check this link:

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/DESlic.html

Hope this helps you.

Cheers,

Pedro

Ahmed Yassin Tue, 12/08/2009 - 02:34

Thx a lot for your suggestion, and it is

worked well with me.

But, if you please, what is the exact difference bet. 3DES & DES.

Pedro Ivo Santo... Tue, 12/08/2009 - 03:46

Hi Ahmed,

The difference between them is the level of strength of the encryption algorythm. 3DES uses 3 encryption keys (created by the algorythm) while DES uses only one. In practical terms, 3DES has a 3 times longer key to encrypt data than DES, what makes 3DES a stronger method.

Cheers,

Pedro

Actions

This Discussion