VPN Licensing

There is no specific licensing for enabling Firepower Threat Defense VPN, it is available by default.

The Cisco Defense Orchestrator determines whether to allow or block the usage of strong crypto on a Firepower Threat Defense device based on attributes provided by the smart licensing server.

This is controlled by whether you selected the option to allow export-controlled functionality on the device when you registered with Cisco Smart License Manager. If you are using the evaluation license, or you did not enable export-controlled functionality, you cannot use strong encryption.

If you have created your VPN configurations with evaluation license, and upgrade your license from evaluation to smart license with export-controlled functionality, check and update your encryption algorithms for stronger encryption and for the VPNs to work properly. DES based encryptions are no longer supported.