Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN issue on ASA5505: An IKEv2 remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (ECDH group) without an AnyConnect Premium license.

After configuring the anyconnect vpn on asa 5505 with base license I have got following error message:

3Oct 11 201314:15:02




Local: Remote: Username:Unknown An IKEv2 remote access connection failed. Attempting to use an NSA Suite B crypto algorithm (ECDH group) without an AnyConnect Premium license.


Under following link I found a reference to that message:          

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

"NGE requires an AnyConnect premium license for IKEv2 remote access connections using NSA Suite B algorithms. Suite B algorithm usage for other connections or purposes (such as PKI) has no limitations. License checks are performed for remote access connections. If you receive a message that you are attempting to use an NSA Suite B crypto algorithm without an AnyConnect premium license, you have the option to either install the premium license or reconfigure the crypto settings to an appropriate level."

From "show version" command I can that the platform is licensed for 2 anyconnect Premium Peers:

Licensed features for this platform:

Maximum Physical Interfaces       : 8              perpetual

VLANs                             : 3              DMZ Restricted

Dual ISPs                         : Disabled       perpetual

VLAN Trunk Ports                  : 0              perpetual

Inside Hosts                      : 10             perpetual

Failover                          : Disabled       perpetual

Encryption-DES                    : Enabled        perpetual

Encryption-3DES-AES               : Enabled        perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 10             perpetual

Total VPN Peers                   : 12             perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

Cluster                           : Disabled       perpetual

I'm running ASA software version 9.1.2.

I have had a look at the ccw and there is no option of adding any additional premium licensing as far as I can tell.

Did anyone experience that issue?

Any help/suggestions are much appreciated.

Kind Regards,

--

Paul Preston
Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479
Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL
Tel:  (+44) 0844 809 4335
Fax: (+44) 01732 468 574
Mob: (+44) 077 9509 3450
Web: www.proxar.co.uk
Email: paul.preston@proxar.co.uk       

-- Paul Preston Proxar IT Ltd. Registered in England and Wales: 6744401- VAT: 942985479 Tubs Hill House, London Road, Sevenoaks, Kent, TN13 1BL Tel: (+44) 0844 809 4335 Fax: (+44) 01732 468 574 Mob: (+44) 077 9509 3450 Web: www.proxar.co.uk Email
Everyone's tags (3)
1 REPLY

VPN issue on ASA5505: An IKEv2 remote access connection failed.

Hi Paul,

search for the following SKU: L-ASA-SSL

Patrick

423
Views
0
Helpful
1
Replies
CreatePlease login to create content