Missing crypto options on Cisco 5540 firewall?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












ASA 5540 VPN Premium license. Version 9.1(7)



asa01(config)# crypto key generate rsa label sslvpnkey 
^
ERROR: % Invalid input detected at '^' marker.


It seems I'm missing options for crypto:



asa01(config)# crypto ?

configure mode commands/options:
engine Configure crypto engine
isakmp Configure ISAKMP


sh ver output:



Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** **********
Configuration register is 0x1
Configuration has not been modified since last system restart.


Why am I missing options?










share|improve this question













migrated from serverfault.com 38 mins ago


This question came from our site for system and network administrators.














  • Did it work before you installed the firmware update?
    – Michael Hampton
    47 mins ago










  • @MichaelHampton No
    – Don Peat
    44 mins ago














up vote
1
down vote

favorite












ASA 5540 VPN Premium license. Version 9.1(7)



asa01(config)# crypto key generate rsa label sslvpnkey 
^
ERROR: % Invalid input detected at '^' marker.


It seems I'm missing options for crypto:



asa01(config)# crypto ?

configure mode commands/options:
engine Configure crypto engine
isakmp Configure ISAKMP


sh ver output:



Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** **********
Configuration register is 0x1
Configuration has not been modified since last system restart.


Why am I missing options?










share|improve this question













migrated from serverfault.com 38 mins ago


This question came from our site for system and network administrators.














  • Did it work before you installed the firmware update?
    – Michael Hampton
    47 mins ago










  • @MichaelHampton No
    – Don Peat
    44 mins ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











ASA 5540 VPN Premium license. Version 9.1(7)



asa01(config)# crypto key generate rsa label sslvpnkey 
^
ERROR: % Invalid input detected at '^' marker.


It seems I'm missing options for crypto:



asa01(config)# crypto ?

configure mode commands/options:
engine Configure crypto engine
isakmp Configure ISAKMP


sh ver output:



Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** **********
Configuration register is 0x1
Configuration has not been modified since last system restart.


Why am I missing options?










share|improve this question













ASA 5540 VPN Premium license. Version 9.1(7)



asa01(config)# crypto key generate rsa label sslvpnkey 
^
ERROR: % Invalid input detected at '^' marker.


It seems I'm missing options for crypto:



asa01(config)# crypto ?

configure mode commands/options:
engine Configure crypto engine
isakmp Configure ISAKMP


sh ver output:



Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** **********
Configuration register is 0x1
Configuration has not been modified since last system restart.


Why am I missing options?







firewall cisco-asa






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 58 mins ago









Don Peat

1063




1063




migrated from serverfault.com 38 mins ago


This question came from our site for system and network administrators.






migrated from serverfault.com 38 mins ago


This question came from our site for system and network administrators.













  • Did it work before you installed the firmware update?
    – Michael Hampton
    47 mins ago










  • @MichaelHampton No
    – Don Peat
    44 mins ago
















  • Did it work before you installed the firmware update?
    – Michael Hampton
    47 mins ago










  • @MichaelHampton No
    – Don Peat
    44 mins ago















Did it work before you installed the firmware update?
– Michael Hampton
47 mins ago




Did it work before you installed the firmware update?
– Michael Hampton
47 mins ago












@MichaelHampton No
– Don Peat
44 mins ago




@MichaelHampton No
– Don Peat
44 mins ago










1 Answer
1






active

oldest

votes

















up vote
2
down vote













You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.



See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "496"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54114%2fmissing-crypto-options-on-cisco-5540-firewall%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote













    You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.



    See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381






    share|improve this answer
























      up vote
      2
      down vote













      You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.



      See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381






      share|improve this answer






















        up vote
        2
        down vote










        up vote
        2
        down vote









        You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.



        See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381






        share|improve this answer












        You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.



        See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 39 mins ago









        Mark Henderson

        280112




        280112



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54114%2fmissing-crypto-options-on-cisco-5540-firewall%23new-answer', 'question_page');

            );

            Post as a guest













































































            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke