Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
7
Replies

ASR Security Bundle

ksherwood
Level 1
Level 1

‎06-28-2013 10:40 PM - last edited on ‎03-25-2019 03:39 PM by Community Manager

Hi,

      is there anything special you need to do with the ASR after you purchase it as a security bundle ?

Kevin.

Labels:
0 Helpful
7 Replies 7

Richard Burts
Hall of Fame
Hall of Fame

‎06-29-2013 11:42 AM

Kevin

I probably am missing something in your question. It seems to me that if you have purchased an ASR with the security bundle that it should come with the license activated for the security features. You probably want to boot the ASR and then to check to verify that the security license is activated.If it is not activated for some reason then you have a problem to solve. If it is activated then all you need to do is to start configuring the security features.

If this is not what you are really asking then please provide clarification of the question.

HTH

Rick

HTH

Rick
0 Helpful

ksherwood
Level 1
Level 1
In response to Richard Burts

‎06-29-2013 09:09 PM

Rick,

          that is what I am not sure about, how do you know ?

The reason I am really curious is that when configuring IKEv2 and in particular a strong transform set, a message appears that a performance hit would occur.

So I just want to be sure I have everything activated or enabled that we have paid for.

Kevin.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ksherwood

‎06-30-2013 05:18 AM

Kevin

If the ASR is allowing you to configure IKEv2 then that is proof that the licenses are installed and activated.

HTH

Rick

Sent from Cisco Technical Support iPad App

HTH

Rick
0 Helpful

ksherwood
Level 1
Level 1
In response to Richard Burts

‎06-30-2013 08:13 PM

Ok, I agree, so why doesn't my transform set work as soon as I set it with SHA-2 strength

ie   crypto ipsec transform-set cisco-ts esp-aes 256 esp-sha-hmac           works,

       crypto ipsec transform-set cisco-ts esp-aes 256 esp-sha512-hmac    does not

and also, this worries me !

Router#sho license

License Store: Primary License Storage

StoreIndex:  1  Feature: ipsec                             Version: 1.0

        License Type: Permanent

        License State: Active, Not in Use

        License Count: Non-Counted

        License Priority: Medium

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to ksherwood

‎07-01-2013 07:01 AM

Kevin

This is certainly not what I would have expected to see. I wonder what else is in the output of show license?

You say that crypto ipsec transform-set cisco-ts esp-aes 256 esp-sha512-hmac does not work. In what way is it not working? Does it generate an error message? Do tunnels not come up?

Is this router covered under maintenance/new equipment warranty? I would think that a question to Cisco TAC might be the appropriate next step?

HTH

Rick

HTH

Rick
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎07-01-2013 07:28 AM

Kevin

What model of ASR is this and what version of code is it running?

HTH

Rick

HTH

Rick
0 Helpful

ksherwood
Level 1
Level 1
In response to Richard Burts

‎07-28-2013 11:46 PM

The answer is:

ASR1002-X or any ASR with an ESP100 should have the support for data plane next-gen encryption from IOS version 3.8 onwards.

ASR routers with the standard processor can not handle the stronger encryption processing.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card