VPN licensing

You do not need any specific license to enable VPN on a Firewall Threat Defense device, it is available by default.

The Cloud-Delivered Firewall Management Center determines whether to allow or block the usage of strong encryption in the Firewall Threat Defense device based on the export-controlled functionality in the device. You can enable this functionality when you register with the Cisco Smart License Manager. If you are using the evaluation license, or you did not enable export-controlled functionality, you cannot use strong encryption. Choose Administration > Licenses > Smart Licenses to verify this functionality in Cloud-Delivered Firewall Management Center.

If you created your VPN configurations with an evaluation license and later upgraded your license to a smart license with export-controlled functionality, check and update your encryption algorithms to use stronger encryption so that the VPNs function properly. Do not use DES-based encryption, as it is not supported.