cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1467
Views
5
Helpful
1
Replies

ISR 4331 SSL VPN (licenses and more)

Hi. I have a Cisco ISR 4331 router. I`ve set up IPSec VPN for site-to-site and clients (IKEv2 AnyConnect) for long ago so far...

Now our remote workers say from time to time that they have problems with IPSec connectivity from hotels and so on... so usual IPSec (UDP4500, ESP) issue with ISPs.

So I`ve decided to work out an option with simultaneous IPSec and SSL client VPN to our network but I got some problems and questions that want to address here:

1. I can`t do 'webvpn' on my ISR... Seems some licensing problems (or it`s like ISR4K don`t support SSL VPN at all?

 

Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)
#show license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
appxk9                   yes          yes         no             no       yes
uck9                     yes          yes         no             no       yes
securityk9               yes          yes         no             yes      yes
ipbasek9                 no           no          no             yes      no
FoundationSuiteK9        yes          yes         no             no       yes
AdvUCSuiteK9             yes          yes         no             no       yes
cme-srst                 yes          yes         no             no       yes
hseck9                   yes          no          no             no       no
throughput               yes          yes         no             no       yes
internal_service         yes          no          no             no       no
License Store: Primary License Storage
StoreIndex: 0   Feature: securityk9                        Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        Lock type: Node locked
        Vendor info: <PID>ISR4331/K9</PID><SN>***</SN>
        License Addition: Exclusive
        License Generation version: 0x8100000
        License Count: Non-Counted
        License Priority: Medium

2. Is it possible to have both IPSec and SSL endpoints for clients to choose from on one ISR? Now my clients get a distro with AnyConnect and profile file to connect via IPSec... How can I give them an option to try SSL if they fail to connect through IPSec? (like two sets of Cisco ANyConnect Profiles or smth...)

3. I don`t want to have Web-server on my ISR to deploy AnyConnect (all my remote clients have it so far)... But it seems that every time a SSL VPN user has to use the web-interface to connect. Am I wrong?

 

Thanks in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
yuzhan4
Cisco Employee

Your question is similar to this one. Please check if the following thread answered your question.

 

https://community.cisco.com/t5/-/-/td-p/2587371

 

 

 

View solution in original post

1 REPLY 1
yuzhan4
Cisco Employee

Your question is similar to this one. Please check if the following thread answered your question.

 

https://community.cisco.com/t5/-/-/td-p/2587371

 

 

 

View solution in original post