02-13-2008 09:33 AM - edited 03-05-2019 09:08 PM
A new router was shipped from Ingram 2811 VSEC-CCME/K9. It is supposed to have a firewall feature set and encryption. I don't see all that on the IOS. When I do show version I see "flash:c2800nm-advipservicesk9-mz.124-3i.bin". How do I access the security bundle?
02-13-2008 09:48 AM
You need to configure it. (see CBAC)
To check and see if the encryption card is being recognized by IOS:
RTR3825-1#show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: aim 0
VPN Module in slot: 0
Product Name: AIM-VPN/SSL-3
Software Serial #: 55AA
Device ID: 001F - revision 0000
Vendor ID: 0000
Revision No: 0x001F0000
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 3.4(1) (PRODUCTION)
Time running: 6w1d
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 2000
Maximum SA index: 2000
Maximum Flow index: 4000
Maximum RSA key size: 2048
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Disabled
Location: onboard 0
Product Name: Onboard-VPN
FW Version: 01100200
Time running: 3777585 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: B01D79DE
crypto engine state: installed
crypto engine in slot: N/A
HTH
02-13-2008 10:03 AM
This is the output when I run this command
show crypto engine brief?
brief
GantechRtr#show crypto engine brief ?
| Output modifiers
GantechRtr#show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: onboard 0
Product Name: Onboard-VPN
Middleware Version: v1.2.0
Firmware Version: v2.2.0
Time running: 10989 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0300
Maximum SA index: 0300
Maximum Flow index: 2400
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: A5EFE61B
crypto engine state: installed
crypto engine in slot: N/A
On the running config I don't see the firewall features such as fixup and encryption key.
02-13-2008 10:07 AM
The VPN encryption card is there and seen by the router. You need to configure the CBAC firewall, fixups, IPS, etc. The link above should help.
02-13-2008 10:09 AM
Thank you, I will check it out.
Abye
02-13-2008 10:34 AM
Abye,
The encryption key is not stored in the config and so you do not see it in the config.
While fixup was the language of the PIX firewall for a long time, that has changed and is now "inspect". Your firewall software on the router will have ip inspect commands which you will use as part of configuring the router to perform stateful inspection of traffic as part of the firewall feature set implementation.
HTH
Rick
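A minimal sketch of the ip inspect (CBAC) configuration the replies above point to, added here as an example and not taken from any post in the thread. The rule name FW, ACL number 101 and the interface name are assumptions to adapt to the actual router.

```cisco
! Added example (not from the thread). Assumed names: inspection rule FW,
! ACL 101, outside interface FastEthernet0/1.
!
! 1. Inspection rule: the protocols whose sessions CBAC tracks statefully.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
ip inspect name FW ftp
!
! 2. Inbound ACL for the outside interface: drop unsolicited traffic.
!    CBAC inserts temporary openings ahead of this entry for return
!    traffic that belongs to sessions initiated from the inside.
access-list 101 deny ip any any log
!
! 3. Apply both on the outside (WAN-facing) interface:
!    inspect sessions leaving, filter packets arriving.
interface FastEthernet0/1
 description Outside
 ip access-group 101 in
 ip inspect FW out
!
! Verification from exec mode:
!   show ip inspect config
!   show ip inspect sessions
```

If the router also terminates IPsec tunnels on this interface, ACL 101 needs permit entries for ISAKMP (UDP 500) and ESP to the router's address ahead of the deny, since that traffic is addressed to the router and is not return traffic for an inspected session.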