Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

C1941w and Cisco CP Express Firewall Feature Set

I have a cisco 1941w with ios c1900-universalk9-mz.SPA.150-1.M2.bin and I am using Cisco CP Express GUI. It tells me that the firewall feature set in unavailable. The IOS image in your router does not support the requested feature.

How do I get CP Express to configure the firewall feature?

12 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

You need to have the Security license for the firewall features. You can check what license you have with a show version/show license

http://www.cisco.com/en/US/partner/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

In the command prompt (via console, telnet or ssh) do show license all and post the output here.

Regards,

jerry

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

Like I mentioned earlier, you need a Security license. You currently have only a IP Base license

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

Is that something I need to purchase or is it a download feature set license?

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

You need to purchase the license from a Cisco reseller. The link below

lists the different license options and the part numbers.

http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

Contact Cisco Licensing (licensing@cisco.com) and they will send you the license file to install on the device

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Please post your switch configuration also. The router configuration looks okay.

Regards,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

The switch is an HP Procurve switch. Do you still want the switch config?

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Not really. So in the switch, make sure the trunk port is configure to 802.1q and allow all VLAN's to go through. That is about it.

If it is a Cisco switch the configuration looks like the follow

interface x/x

switchport trunk encapsulation dot1q

switchport mode trunk

HTH,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

I wish it was a Cisco switch. HP does things different what they call a trunk is actually an ether-channel of ports.

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Your ip nat outside is on the wrong interface. It should be on G0/1, not G0/0.

interface g0/0

no ip nat outside

interface g0/1

no ip nat inside

ip nat outside

HTH,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

Yup. That was I.

Thanks.

17 REPLIES
Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

You need to have the Security license for the firewall features. You can check what license you have with a show version/show license

http://www.cisco.com/en/US/partner/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

In the command prompt (via console, telnet or ssh) do show license all and post the output here.

Regards,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

Here are the outputs of "show ver" "show license" and "show license all"

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

Like I mentioned earlier, you need a Security license. You currently have only a IP Base license

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

Is that something I need to purchase or is it a download feature set license?

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

You need to purchase the license from a Cisco reseller. The link below

lists the different license options and the part numbers.

http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10538_Products_Data_Sheet.html

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

So I will order the SL-19-SEC-K9 Security License which looks like a paper license. How do I install it on

the router? And does this part number give mu all the feature sets to have firewall and vpn features?

Bronze

Re: C1941w and Cisco CP Express Firewall Feature Set

Contact Cisco Licensing (licensing@cisco.com) and they will send you the license file to install on the device

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

I attached the configuration for my 1941w router. I am unable to ping 10.6.10.250 or 10.6.20.250 which is the switch interface. I can however ping 10.6.1.250 also on the switch interface. What am I missing?

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Please post your switch configuration also. The router configuration looks okay.

Regards,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

The switch is an HP Procurve switch. Do you still want the switch config?

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Not really. So in the switch, make sure the trunk port is configure to 802.1q and allow all VLAN's to go through. That is about it.

If it is a Cisco switch the configuration looks like the follow

interface x/x

switchport trunk encapsulation dot1q

switchport mode trunk

HTH,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

I wish it was a Cisco switch. HP does things different what they call a trunk is actually an ether-channel of ports.

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

i cannot ping 8.8.8.8 from any of the sub-interface addresses:

g0/0.10 ip address 10.6.10.250

g0/0.20 ip address 10.6.20.250

all the others

Am I missing a route?

Cisco Employee

Re: C1941w and Cisco CP Express Firewall Feature Set

Your ip nat outside is on the wrong interface. It should be on G0/1, not G0/0.

interface g0/0

no ip nat outside

interface g0/1

no ip nat inside

ip nat outside

HTH,

jerry

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

Yup. That was I.

Thanks.

Community Member

Re: C1941w and Cisco CP Express Firewall Feature Set

So I purchasesd the Security license and installed it on the C1941W router. I can now create VPN tunnels. I am trying to use Cisco CPE to configure the firewall. I am getting very erratic behavior. Sometimes the application comes up and most of the time it does not. It also sometimes says I cannot configure the firewall for several reasons. Is there a firewall feature in this router or not. BTW, I am using g0/0 for the WAN and g0/1.10 , g0/1.11 , g0/1.12 for subinterfaces on the LAN. Is that a problem. I am new to this router and its functionality so please be patient with my questions. We can do a webex if that would help more.

Thank you.

1752
Views
0
Helpful
17
Replies
CreatePlease to create content