Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
5
Replies

C892FSP-K9 VPN? - SOLVED

adelium904
Level 1
Level 1

‎04-12-2014 08:26 AM

Hello,

I bought a few weeks ago two C892FSP-K9.

When I bought it, I said it was to link 2 to 3 sites all together throught VPN site-to-Site. Those devices can have up to 50 VPN tunnel. I am not shure yet how to implement the ipsec tunnel vpn capability, but I am not sure that I have all the settings available.

Here is what I mean and the result of the "crypto ?" command:

(config)#crypto ?
  key                 Long term key operations
  pki                  Public Key components
  provisioning  Secure Device Provisioning
  wui                 Crypto HTTP configuration interfaces

In this list of available commande, I do not have

isakmp

In all the exemple I found in Internet to make a tunnel, they use isakmp. So if it is not avalable, How can I do?

By the way, do I have to do, activate something somewhere to have access to isakmp?

 

Thanks?

Labels:
0 Helpful
5 Replies 5

johnlloyd_13
Level 9
Level 9

‎04-12-2014 09:05 AM

Hi,

Nowadays, Cisco sells a separate security license (PAK) for ISR G2 routers. 

Try to issue a 'show version' to see if there's a permanent security license installed. If it says none (under security), then you'll have to order.

0 Helpful

adelium904
Level 1
Level 1
In response to johnlloyd_13

‎04-12-2014 10:52 AM

Hi,

Thanks for the answer.

Show vertion gives me this.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco C892FSP-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FCZ1803C202
10 Gigabit Ethernet interfaces
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#      PID            SN
-------------------------------------------------
*0        C892FSP-K9            ************    
          


License Information for 'c800'
    License Level: advipservices_npe   Type: Permanent
    Next reboot license Level: advipservices_npe

It should be Here?

 

Thanks

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to adelium904

‎04-12-2014 05:24 PM

Hi,

You'll see it under UDI info and right before the config-register.

It look something like this:

 

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot 
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      None          None           None  
uc            uck9          Permanent      uck9
data          None          None           None

Configuration register is 0x2102

 

i recently installed a security license key on one of our 2911 to establish an IPsec VPN tunnel.

hope this link might help:

http://wannabelab.blogspot.com/2014/04/using-cisco-router-as-tftp-server.html

 

 

0 Helpful

adelium904
Level 1
Level 1
In response to johnlloyd_13

‎04-14-2014 07:37 AM

Hi,

I have contacted my reseler who tells me that the VPN for 50 tunnels comes with the device.

Look at the attached picture.

 

I have look in many different website an see that to do a vpn site to site link, I need this command "isakmp".

Is there another way to do it with either:

key                 Long term key operations
pki                  Public Key components
provisioning  Secure Device Provisioning
wui                 Crypto HTTP configuration interfaces

 

Thanks for the answer.

 

Vandman

Preview file
16 KB
0 Helpful

adelium904
Level 1
Level 1
In response to adelium904

‎04-21-2014 02:44 AM

Hi,

I have found the solution. It seems that my devices were shiped with this IOS:

c800-universalk9_npe-mz.SPA.153-2.T.bin

I did not have the equivalent of advsecurity feature in it.

So Someone from Cisco send me this IOS:

c800-universalk9-mz.SPA.152-4.M6.bin

And all came back to normal... Now I have this:

(config)#crypto ?

  batch         Crypto Batch Processing
  call          Configure Crypto Call Admission Control
  ctcp          Configure cTCP encapsulation
  dynamic-map   Specify a dynamic crypto map template
  engine        Enter a crypto engine configurable menu
  gdoi          Configure GDOI policy
  identity      Enter a crypto identity list
  ikev2         Configure IKEv2 Options
  ipsec         Configure IPSEC policy
  isakmp        Configure ISAKMP policy
  key           Long term key operations
  keyring       Key ring commands
  logging       logging messages
  map           Enter a crypto map
  mib           Configure Crypto-related MIB Parameters
  pki           Public Key components
  provisioning  Secure Device Provisioning
  vpn           Configure crypto vpn commands
  wui           Crypto HTTP configuration interfaces
  xauth         X-Auth parameters

 

 

Thanks For those who tried to help me.

 

Vandman

0 Helpful
Customers Also Viewed These Support Documents