Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

what IOS has IPSEC

does c2600-jk9s-mz.122-2.T.bin have IPSec feature set? i have looked over my configes and they all seem to be right i can only think that maybe the ios doesn't have it?


Re: what IOS has IPSEC

Hi, I have an IOS c2600-jk8s-mz.122-2.T.bin which has the

ENTERPRISE PLUS IPSEC 56 feature set. So your IOS probably has the

same feature set. And besides, you won't be able to see the ipsec commands

if your IOS doesn't have this feature.

(Maybe i'm wrong, but you might have mistyped "jk8s" with "jk9s" with you post.....just a thought)

Hope this helps.

New Member

Re: what IOS has IPSEC

i doubled checked and i have the same IOS. i stated my problem earlier in this post.

if you can offer any insight thanks!!!

i applied this access list to the external interface

access-list 111 deny ahp any any log

access-list 111 deny esp any any log

access-list 111 deny udp any any eq isakmp log

access-list 111 permit ip any any

so that i can see logged packets coming in. will this deny ipsec and show me that the packets are actually reaching my peer? i can ping it but when i issue the sho crypto ipsec sa i get this:

sh crypto ipsec sa

interface: Ethernet0/0

Crypto map tag: toSwansea, local addr.

local ident (addr/mask/prot/port): (

remote ident (addr/mask/prot/port): (


PERMIT, flags={origin_is_acl,}

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0

#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0

#send errors 343, #recv errors 0

local crypto endpt.:, remote crypto endpt.:

path mtu 1500, media mtu 1500

current outbound spi: 0

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

NOT even being encrypted? whats up with that?

CreatePlease to create content