09-26-2014 06:38 AM - edited 03-04-2019 11:50 PM
i have two 891-k9 Router and i want to configure Ipsec Site-to-Site VPN
When i type command #crypto ? it will not give me option of isakmp
Please find below Show Version & Show Lic output of the router.
Router#
*Sep 25 13:01:12.719: %SYS-5-CONFIG_I: Configured from console by console
Router#sh ver
Cisco IOS Software, C890 Software (C890-UNIVERSALK9_NPE-M), Version 15.2(4)M6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 19-Mar-14 22:06 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)
Router uptime is 3 minutes
System returned to ROM by reload at 12:57:38 UTC Thu Sep 25 2014
System image file is "flash:c890-universalk9_npe-mz.152-4.M6.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
--More-- to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 891 (MPC8300) processor (revision 1.0) with 498688K/25600K bytes of memory.
Processor board ID XXXXXXXX
9 FastEthernet interfaces
1 Gigabit Ethernet interface
1 Serial interface
1 terminal line
256K bytes of non-volatile configuration memory.
254976K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
--More--
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO891-K9 XXXXXXXX
License Information for 'c890'
License Level: advipservices_npe Type: Permanent
Next reboot license Level: advipservices_npe
Configuration register is 0x2102
Router# sh lic
Index 1 Feature: advipservices_npe
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: WAAS_Express
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
09-26-2014 08:16 AM
To configure VPN you need to have securityk9 licence, which I dont see here. If you have that licence then you need to enable the licence. You might need to change your IOS version to (advanceipserv) version.
09-26-2014 08:57 AM
It is not an issue with IOS version. It is an issue with license. The license information indicates "advipservices_npe". The issue is npe which is not payload encryption and does not support crypto IPSec. The original poster needs a license upgrade to be able to use these routers for site to site VPN.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: