NEW4331ISR#sh ver
Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

NEW4331ISR uptime is 1 day, 6 hours, 36 minutes
Uptime for this control processor is 1 day, 6 hours, 37 minutes
System returned to ROM by reload at 04:18:13 UTC Wed Mar 22 2017
System image file is "bootflash:/isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bi"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None Smart License None
securityk9
appxk9

AdvUCSuiteK9 None Smart License None
uck9
cme-srst
cube

Technology Package License Information:

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None Smart License None
uck9 None Smart License None
securityk9 None Smart License None
ipbase ipbasek9 Smart License ipbasek9

cisco ISR4331/K9 (1RU) processor with 1648789K/6147K bytes of memory.
Processor board ID FDOX0X0X0X0X
5 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3223551K bytes of flash memory at bootflash:.

Configuration register is 0x2102

***EDIT***

OK, then here's what I want to do. I want to block all EXTERNAL->INTERNAL traffic, and create 3 VPN connections to small offices around town. What Lic do I need?

Sean

Ok, so when I try to install the Lic;

NEW4331ISR#license install flash:isr4300-universalk9.lic
                                    ^
% Invalid input detected at '^' marker.

No matter what I try and put there it always gives me invalid at the first letter of the switch after "license".

What gives?

smart Smart licensing