Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS Packaging Versions

Hi All,

I have 2 remote sites with 2801 and ADSL WICs installed.

fa 0/0 on the 2801's is connected to a 2Mb Point-to-Point circuit back to the main site. (Presented as ethernet at both ends). fa 0/1 goes the the LAN. I'm running EIGRP on this network.

The ADSL WICs provide internet access to the sites with local providers.

I'd like to setup a site-to-site VPN tunell back to my main site in the case of the 2Mb circuits failing. At the moment if the circuit fails, the users launch the VPN client software from their individual PC's, this is far from ideal!

My VPN concentrator at the main site is a Checkpoint NGX R65, but I'll be changing this to a Cisco ASA at some point this year.

My problem is that I dont think I have the correct IOS on the 2801's to let them operate as a VPN client. The IOS on them is C2801-SPSERVICESK9-M.

I think I need Advanced Security at a minimum - Cisco part number CD28N-ASK9?

Am I correct?

Thank you in advance.



Re: IOS Packaging Versions

Depends why you are running the SP version of the IOS. There are a number of features mostly voice and BGP that are in SP that are not in the advanced security. You would need ADVANCED IP SERVICES if you want everything in both versions.

If you plan to run EIGRP over this VPN you will need to wait until you get the ASA since I don't think checkpoint supports EIGRP... Even the ASA support of EIGRP has not been around all that long.

New Member

Re: IOS Packaging Versions

Hi tdrais,

Thank you for the reply.

I'm running the SP IOS as that is what came with the bundle (2801 + WIC ADSL)

I dont need any voice or BGP functionality.

you are correct, Checkpoint does not support EIGRP, but I would set a static route with a higher cost to go over the VPN tunnel if required.

Given the above, would the Advanced Security IOS do the job? (It must support the WIC-ADSL though).

What might you recommend to achieve what I'm looking for?



CreatePlease to create content