IOS Packaging Versions

Unanswered Question
Jul 9th, 2008
User Badges:
  • Bronze, 100 points or more

Hi All,

I have 2 remote sites with 2801 and ADSL WICs installed.

fa 0/0 on the 2801's is connected to a 2Mb Point-to-Point circuit back to the main site. (Presented as ethernet at both ends). fa 0/1 goes the the LAN. I'm running EIGRP on this network.

The ADSL WICs provide internet access to the sites with local providers.

I'd like to setup a site-to-site VPN tunell back to my main site in the case of the 2Mb circuits failing. At the moment if the circuit fails, the users launch the VPN client software from their individual PC's, this is far from ideal!

My VPN concentrator at the main site is a Checkpoint NGX R65, but I'll be changing this to a Cisco ASA at some point this year.

My problem is that I dont think I have the correct IOS on the 2801's to let them operate as a VPN client. The IOS on them is C2801-SPSERVICESK9-M.

I think I need Advanced Security at a minimum - Cisco part number CD28N-ASK9?

Am I correct?

Thank you in advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tdrais Wed, 07/09/2008 - 07:20
User Badges:
  • Blue, 1500 points or more

Depends why you are running the SP version of the IOS. There are a number of features mostly voice and BGP that are in SP that are not in the advanced security. You would need ADVANCED IP SERVICES if you want everything in both versions.

If you plan to run EIGRP over this VPN you will need to wait until you get the ASA since I don't think checkpoint supports EIGRP... Even the ASA support of EIGRP has not been around all that long.

Kevin Brennan Wed, 07/09/2008 - 07:46
User Badges:
  • Bronze, 100 points or more

Hi tdrais,

Thank you for the reply.

I'm running the SP IOS as that is what came with the bundle (2801 + WIC ADSL)

I dont need any voice or BGP functionality.

you are correct, Checkpoint does not support EIGRP, but I would set a static route with a higher cost to go over the VPN tunnel if required.

Given the above, would the Advanced Security IOS do the job? (It must support the WIC-ADSL though).

What might you recommend to achieve what I'm looking for?




This Discussion