Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
42185
Views
20
Helpful
5
Replies

4000 series isr performance licensing & hsec vs sec licensing

wayfaring
Level 1
Level 1

‎08-22-2016 01:06 PM - edited ‎03-05-2019 04:32 AM

For a 4331 with SEC & FL-4330-PERF-K9 which claims to increase throughput from 100Mbps to 300Mbps, is ipsec tunnel throughput still limited to only 85Mbps unless additional FL-4330-HSEC-K9 license is purchased or does it also increase to 300Mbps?  If hsec is required, is it necessary to have both SEC and FL-4330-HSEC-K9 licenses purchased to use all ipsec/vpn features or would just the the FL-4330-HSEC-K9 alone take care of this?

The wording on hsec info vs Cisco marketing material for the performance licensing upgrade is somewhat confusing -

http://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html -

The Cisco 4000 Series has a performance-on-demand license to increase the base forwarding throughput with no hardware changes. Also present is the High Security (HSEC) license, which removes the curtailment enforced by the U.S. government export restrictions on the encrypted tunnel count and encrypted throughput. The HSECK9 license is a separately required license for a feature to have full crypto functionality. Without the HSECK9 license, only 225 secure tunnels and 85 Mbps of crypto bandwidth would be available.

7 people had this problem
Labels:
0 Helpful
5 Replies 5

manuel-rocha
Level 1
Level 1

‎10-28-2016 06:12 PM

ipsec tunnel throughput still limited to only 85Mbps unless additional FL-4330-HSEC-K9 license is purchased?

Yes, security and performance license are two different things.

or does it also increase to 300Mbps?

No

If hsec is required, is it necessary to have both SEC and FL-4330-HSEC-K9 licenses purchased to use all ipsec/vpn features?

Yes, SEC license is a prerequisite for HSEC

or would just the the FL-4330-HSEC-K9 alone take care of this?

No

chamaraw07
Level 1
Level 1
In response to manuel-rocha

‎01-31-2017 06:52 AM

hi

to increase throughtput on a cisco 4331 router , do we have to install

both FL-4330-PERF-K9 and FL-4330-HSEC-K9 licenses ? or is one enough

thanks

0 Helpful

steveperez1
Level 1
Level 1
In response to chamaraw07

‎02-05-2017 05:11 AM

Manuel is correct.   Here is information from the FAQ document at:   Hopefully this answers your question: http://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/qa_c67-728261.html

Q.    Is a High Security (HSEC) license offered on the Cisco 4000 Series to achieve greater cryptographic tunnel count and throughput?

A.     Yes, an HSEC license is required to achieve more than 225 cryptographic tunnel count and 170 Mbps of total IP Security (IPsec) throughput (bidirectional traffic).
Q.    What is an HSEC license?
A.     An add-on license above the Security (SEC) technology package license, known as HSEC, provides export controls for strong levels of encryption. HSEC is available to customers in all currently nonembargoed countries as listed by the U.S. Department of Commerce. Without an HSEC license, SEC performance is limited to 225 tunnels and a total of 170 Mbps of IPsec throughput. An HSEC license removes this limitation. Because of these export control requirements, the HSEC license is the only license on the Cisco 4000 Series that requires installation of a license key file to activate. In other words, HSEC is not an RTU license.
0 Helpful

zzunic
Level 1
Level 1
In response to steveperez1

‎02-17-2017 12:55 PM

Q: How much is ipsec tunnel throughput on ISR4321 with SEC and HSEC licence?

According to HSEC licence explanation it removes 85 Mbps limit - but performance limit on 4321 is 50 Mbps? It seems that HSEC license doesn't have sense on 4321 without PERF license?

0 Helpful

timhl
Level 1
Level 1
In response to zzunic

‎10-26-2017 08:08 PM

The ISR4321 base performance is 50 Mbps, which can be increased to 100 Mbps with the performance on demand license. Without the additional HSEC license, it would be limited to 85 Mbps of encrypted traffic.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card