Missing crypto options on Cisco 5540 firewall?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

ASA 5540 VPN Premium license. Version 9.1(7)

asa01(config)# crypto key generate rsa label sslvpnkey 
 ^ 
ERROR: % Invalid input detected at '^' marker. 

It seems I'm missing options for crypto:

asa01(config)# crypto ?

configure mode commands/options:
 engine Configure crypto engine
 isakmp Configure ISAKMP

sh ver output:

Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
 Boot microcode : CN1000-MC-BOOT-2.00 
 SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
 Number of accelerators: 1

 0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
 1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
 2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
 3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
 4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
 5: Int: Not used : irq 11
 6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** ********** 
Configuration register is 0x1
Configuration has not been modified since last system restart.

Why am I missing options?

firewall cisco-asa

share|improve this question

asked 58 mins ago

Don Peat

1063

migrated from serverfault.com 38 mins ago

This question came from our site for system and network administrators.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Did it work before you installed the firmware update?
  – Michael Hampton
  47 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @MichaelHampton No
  – Don Peat
  44 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

ASA 5540 VPN Premium license. Version 9.1(7)

asa01(config)# crypto key generate rsa label sslvpnkey 
 ^ 
ERROR: % Invalid input detected at '^' marker. 

It seems I'm missing options for crypto:

asa01(config)# crypto ?

configure mode commands/options:
 engine Configure crypto engine
 isakmp Configure ISAKMP

sh ver output:

Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
 Boot microcode : CN1000-MC-BOOT-2.00 
 SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
 Number of accelerators: 1

 0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
 1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
 2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
 3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
 4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
 5: Int: Not used : irq 11
 6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** ********** 
Configuration register is 0x1
Configuration has not been modified since last system restart.

Why am I missing options?

firewall cisco-asa

share|improve this question

asked 58 mins ago

Don Peat

1063

migrated from serverfault.com 38 mins ago

This question came from our site for system and network administrators.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Did it work before you installed the firmware update?
  – Michael Hampton
  47 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @MichaelHampton No
  – Don Peat
  44 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

ASA 5540 VPN Premium license. Version 9.1(7)

asa01(config)# crypto key generate rsa label sslvpnkey 
 ^ 
ERROR: % Invalid input detected at '^' marker. 

It seems I'm missing options for crypto:

asa01(config)# crypto ?

configure mode commands/options:
 engine Configure crypto engine
 isakmp Configure ISAKMP

sh ver output:

Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
 Boot microcode : CN1000-MC-BOOT-2.00 
 SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
 Number of accelerators: 1

 0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
 1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
 2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
 3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
 4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
 5: Int: Not used : irq 11
 6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** ********** 
Configuration register is 0x1
Configuration has not been modified since last system restart.

Why am I missing options?

firewall cisco-asa

share|improve this question

asked 58 mins ago

Don Peat

1063

ASA 5540 VPN Premium license. Version 9.1(7)

asa01(config)# crypto key generate rsa label sslvpnkey 
 ^ 
ERROR: % Invalid input detected at '^' marker. 

It seems I'm missing options for crypto:

asa01(config)# crypto ?

configure mode commands/options:
 engine Configure crypto engine
 isakmp Configure ISAKMP

sh ver output:

Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware: ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
 Boot microcode : CN1000-MC-BOOT-2.00 
 SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
 Number of accelerators: 1

 0: Ext: GigabitEthernet0/0 : address is 0025.45d7.883a, irq 9
 1: Ext: GigabitEthernet0/1 : address is 0025.45d7.883b, irq 9
 2: Ext: GigabitEthernet0/2 : address is 0025.45d7.883c, irq 9
 3: Ext: GigabitEthernet0/3 : address is 0025.45d7.883d, irq 9
 4: Ext: Management0/0 : address is 0025.45d7.883e, irq 11
 5: Int: Not used : irq 11
 6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Enabled perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** ********** 
Configuration register is 0x1
Configuration has not been modified since last system restart.

Why am I missing options?

firewall cisco-asa

firewall cisco-asa

share|improve this question

asked 58 mins ago

Don Peat

1063

share|improve this question

asked 58 mins ago

Don Peat

1063

share|improve this question

share|improve this question

asked 58 mins ago

Don Peat

1063

asked 58 mins ago

Don Peat

1063

asked 58 mins ago

Don Peat

1063

1063

migrated from serverfault.com 38 mins ago

This question came from our site for system and network administrators.

migrated from serverfault.com 38 mins ago

This question came from our site for system and network administrators.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Did it work before you installed the firmware update?
  – Michael Hampton
  47 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @MichaelHampton No
  – Don Peat
  44 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Did it work before you installed the firmware update?
  – Michael Hampton
  47 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @MichaelHampton No
  – Don Peat
  44 mins ago
  

  
  
  
  

Did it work before you installed the firmware update?
– Michael Hampton
47 mins ago

Did it work before you installed the firmware update?
– Michael Hampton
47 mins ago

@MichaelHampton No
– Don Peat
44 mins ago

@MichaelHampton No
– Don Peat
44 mins ago

add a comment | 

1 Answer
1

active

oldest

votes

up vote
2
down vote

You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.

See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "496"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54114%2fmissing-crypto-options-on-cisco-5540-firewall%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote

You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.

See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

add a comment | 

up vote
2
down vote

You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.

See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

add a comment | 

up vote
2
down vote

up vote
2
down vote

You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.

See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

You are running a k8 firmware. Only k9 firmware has 3DES/AES enabled.

See: https://community.cisco.com/t5/firewalls/asa-5510-k8-vs-asa-5510-k9/td-p/1866381

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

share|improve this answer

share|improve this answer

answered 39 mins ago

Mark Henderson

280112

answered 39 mins ago

Mark Henderson

280112

answered 39 mins ago

Mark Henderson

280112

280112

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f54114%2fmissing-crypto-options-on-cisco-5540-firewall%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email