Cisco 5540 防火墙上缺少加密选项?

网络工程 防火墙 思科
2021-07-09 14:27:01

ASA 5540 VPN 高级许可证。版本 9.1(7)

asa01(config)# crypto key generate rsa label sslvpnkey                             
                      ^                                                         
ERROR: % Invalid input detected at '^' marker.

似乎我缺少加密选项:

asa01(config)# crypto ?

configure mode commands/options:
  engine  Configure crypto engine
  isakmp  Configure ISAKMP

sh ver 输出:

Cisco Adaptive Security Appliance Software Version 9.1(7) <system>

Compiled on Thu 14-Jan-16 09:37 by builders
System image file is "disk0:/asa917-k8.bin"
Config file at boot was "startup-config"

asa01 up 9 mins 24 secs

Hardware:   ASA5540, 2048 MB RAM, CPU Pentium 4 2000 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00 
                             SSL/IKE microcode     : CNlite-MC-SSLm-PLUS-2.08
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.09
                             Number of accelerators: 1

 0: Ext: GigabitEthernet0/0  : address is 0025.45d7.883a, irq 9
 1: Ext: GigabitEthernet0/1  : address is 0025.45d7.883b, irq 9
 2: Ext: GigabitEthernet0/2  : address is 0025.45d7.883c, irq 9
 3: Ext: GigabitEthernet0/3  : address is 0025.45d7.883d, irq 9
 4: Ext: Management0/0       : address is 0025.45d7.883e, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Enabled        perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: ***********
Running Permanent Activation Key: ********** ********** ********** ********** ********** 
Configuration register is 0x1
Configuration has not been modified since last system restart.

更新:我处于多上下文模式,切换到单上下文后,webvpn现在可以识别命令(只有remove选项)并且加密现在只有ca选项。

为什么我缺少选项?

1个回答

思科自适应安全设备软件版本 9.1(7) <系统>

正如我在您之前的 NE 问题中所问的那样,您正在多上下文模式下运行。版本行末尾的“<system>”是死的赠品。您不能从system上下文设置 RSA 密钥您需要处于特定上下文中——或者关闭多上下文模式。

其它你可能感兴趣的问题
上一篇连接到调制解调器的路由器上的 VPN 是否可以绕过由两个未桥接并相互连接的路由器创建的双 NAT? 下一篇TCP连接问题