cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6585
Views
0
Helpful
15
Replies

Cisco 881 ipsec vpn

richard064
Level 1
Level 1

I have purchased a Cisco 881 router, and need to setup IPSEC VPN. It was purchased in New Zealand from a supplier listed on the Cisco website.

Do I need to upgrade the software on this router to be able to create the VPN?

Or do I need to buy a license?

I have tried talking to Cisco support, but they have been very unhelpful.

15 Replies 15

Tagir Temirgaliyev
Spotlight
Spotlight

you need C881/K9 it supports  IPSEC VPN.  3des. but Iam not shure aes256

Please post the output of sh ver | i License Level

You need to have "advsecurity" or "advipservices" for IPsec VPNs.

 

Hi it shows.

License Level: advsecurity_npe   Type: Permanent

But show crypto isakmp policy

Gets Invalid input detected at '^' marker

cheers rich

advsecurity_npe

NPE stands for "no payload encryption". You need a version without "NPE".

I have purchased an advipservices license and installed it.

But it says not deployed and the advsecurity_npe version is still enabled.

Not sure how to disable the advsecurity_npe version, no obvious way to do in from ccp.

cheers rich

npe means like without crypto

you need to accept licence agrement and to purchase licence and to set up crypto

licenc boot modul  c881 tec sec

 

Ok how do I do that?

Is that a command I need to run?

Or do I need to buy a license from Cisco?

I have tried asking Cisco what I need but they don't help.

It has been a frustrating experience, because I brought this router from a company on Cisco's list here in New Zealand.

And I told them at the time what I needed the router to do.

I your appreciate the help guys.

cheers rich

Hi there

 

I have the same problem I can not get to the bottom of what is needed to enable all the Crypto commands but it is related to advsecurity.  I would like to know what I need to do to enable these features 

You added your question to a very old discussion. So lets start by verifying that you do have really the same problem. Please post the output of show version so we can verify whether the image is npe. Assuming that you do have the same issue then I believe that the solution has two parts. You need a license that supports encrypted payload and then you need an image file that supports encrypted payload.

 

HTH

 

Rick

HTH

Rick

Hi Rick

Thanks for this show version out put follows


OIS-02-VDSL>show version
Cisco IOS Software, C800 Software (C800-UNIVERSALK9_NPE-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 16:14 by prod_rel_team

ROM: System Bootstrap, Version 15.2(3r)XC, RELEASE SOFTWARE (fc1)

OIS-02-VDSL uptime is 6 days, 22 hours, 48 minutes
System returned to ROM by reload at 14:34:31 UTC Tue Feb 12 2019
System image file is "flash:c800-universalk9_npe-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com .

Cisco C897VA-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FCZ175090DV
1 DSL controller
1 Ethernet interface
9 Gigabit Ethernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 C897VA-K9 FCZ175090DV



License Information for 'c800'
License Level: advsecurity_npe Type: Default. No valid license found.
Next reboot license Level: advsecurity_npe


Configuration register is 0x2102

I think I have purchased and installed FL-SSLVPN10-K9 but this does not seem to enable the crypto commands - any help you can give would be much appreciated

Regards

Thanks for the output of show version. It does confirm that you do have the same problem. As I mentioned the solution is a 2 part thing. Getting a license to support encrypted payload is part of the solution. The other par of the solution involves the image file. Here is what you have

System image file is "flash:c800-universalk9_npe-mz.SPA.152-4.M4.bin"

You need to download and install an image file that does support payload encryption. If you have privileges to download software from the Cisco site then download a new image with the encryption capability. If you do not have privileges to download software you may need to work with who ever sold you the new license to get the image file. Or you might open a case with Cisco TAC and see if they can help you obtain the correct image file.

 

HTH

 

Rick

HTH

Rick

Thanks for this

"Or you might open a case with Cisco TAC and see if they can help you obtain the correct image file.” Can you tell me what Cisco TAC is and how I would contact them please

Regards

TAC stands for Technical Assistance Center. If you are in the US or Canada you can reach them at this number 1-800-553-2447.  If not in US or Canada you can go to the Cisco web site and follow the link for support to find other phone numbers. Or you could use this link for support

Technical Support: http://www.cisco.com/techsupport

If you have a support contract for your router you have the right to open cases and get their help. If you do not have a support contract but purchased a license you can request their help and I hope that they would (but sometimes they get very strict about the contract requirement).

 

HTH

 

Rick

 

 

HTH

Rick

Thanks Rick

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco