
IPSec, difference between IOS 12.4 and IOS 15.0 (IPSec applied to IP port)

I am experiencing a difference in IPSec between IOS 12.4 and IOS 15.0, on an 891 router... if this is a bug, is it a 12.4 bug or a 15.0 bug?

I have a tried & true startup-config that I have used on an 1811 router with a use-case for a narrow application of IPSec... that is, using a pre-shared key, encrypt traffic between the router and one port on one host, namely 172.23.21.243 port 6910.

That is, I'm doing network/host IPSec, not network/network or host/host.  I gather network/network is a more common discussion topic in this forum, but I hope someone will be able to comment anyway.

This startup-config works fine on an 891 with IOS 12.4, but the IPSec doesn't work for me on the 891 with IOS 15.0.  That is, I don't notice any errors or informative debug complaints, but, I cannot handshake with the service being served at 172.23.21.243 port 6910.

To me, this suggests

  1. a defect in 15.0, OR,
  2. maybe my use case depends on some licensing/right-to-use that I have not properly claimed/declared in the startup-config.

But my technical-service rep believes that Cisco does not support per-port IPSec, and so he says it's a defect in 12.4 that I've been utilizing so far with IOS 12.4.  He says,

"I checked the configuration thoroughly and I assure you there was nothing wrong with the config, though from Cisco standpoint we do not support port (tcp/udp) access-list in crypto acl.  As you mentioned it was working in the older IOS, this must be an old defect that might have transitioned to something new in the 15.0, so I suggest you downgrade the routers to the 12.4 version"

Can anyone corroborate or contradict?

Thanks for your help with this sanity check.

John
