09-09-2014 11:32 PM - edited 03-04-2019 11:43 PM
I have purchased a Cisco 881 router, and need to setup IPSEC VPN. It was purchased in New Zealand from a supplier listed on the Cisco website.
Do I need to upgrade the software on this router to be able to create the VPN?
Or do I need to buy a license?
I have tried talking to Cisco support, but they have been very unhelpful.
09-10-2014 01:04 AM
you need C881/K9 it supports IPSEC VPN. 3des. but Iam not shure aes256
09-10-2014 02:09 AM
Please post the output of sh ver | i License Level
You need to have "advsecurity" or "advipservices" for IPsec VPNs.
09-17-2014 02:44 AM
Hi it shows.
License Level: advsecurity_npe Type: Permanent
But show crypto isakmp policy
Gets Invalid input detected at '^' marker
cheers rich
09-17-2014 02:53 AM
> advsecurity_npe
NPE stands for "no payload encryption". You need a version without "NPE".
09-25-2014 05:15 AM
I have purchased an advipservices license and installed it.
But it says not deployed and the advsecurity_npe version is still enabled.
Not sure how to disable the advsecurity_npe version, no obvious way to do in from ccp.
cheers rich
09-17-2014 02:55 AM
npe means like without crypto
you need to accept licence agrement and to purchase licence and to set up crypto
licenc boot modul c881 tec sec
09-17-2014 04:05 AM
Ok how do I do that?
Is that a command I need to run?
Or do I need to buy a license from Cisco?
I have tried asking Cisco what I need but they don't help.
It has been a frustrating experience, because I brought this router from a company on Cisco's list here in New Zealand.
And I told them at the time what I needed the router to do.
I your appreciate the help guys.
cheers rich
02-18-2019 04:04 AM
Hi there
I have the same problem I can not get to the bottom of what is needed to enable all the Crypto commands but it is related to advsecurity. I would like to know what I need to do to enable these features
02-18-2019 07:52 AM
You added your question to a very old discussion. So lets start by verifying that you do have really the same problem. Please post the output of show version so we can verify whether the image is npe. Assuming that you do have the same issue then I believe that the solution has two parts. You need a license that supports encrypted payload and then you need an image file that supports encrypted payload.
HTH
Rick
02-19-2019 04:37 AM
02-19-2019 05:26 AM
Thanks for the output of show version. It does confirm that you do have the same problem. As I mentioned the solution is a 2 part thing. Getting a license to support encrypted payload is part of the solution. The other par of the solution involves the image file. Here is what you have
System image file is "flash:c800-universalk9_npe-mz.SPA.152-4.M4.bin"
You need to download and install an image file that does support payload encryption. If you have privileges to download software from the Cisco site then download a new image with the encryption capability. If you do not have privileges to download software you may need to work with who ever sold you the new license to get the image file. Or you might open a case with Cisco TAC and see if they can help you obtain the correct image file.
HTH
Rick
02-19-2019 07:01 AM
02-20-2019 09:47 AM
TAC stands for Technical Assistance Center. If you are in the US or Canada you can reach them at this number 1-800-553-2447. If not in US or Canada you can go to the Cisco web site and follow the link for support to find other phone numbers. Or you could use this link for support
Technical Support: http://www.cisco.com/techsupport
If you have a support contract for your router you have the right to open cases and get their help. If you do not have a support contract but purchased a license you can request their help and I hope that they would (but sometimes they get very strict about the contract requirement).
HTH
Rick
02-21-2019 03:49 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: