Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2538
Views
0
Helpful
1
Replies

Cisco 2921 ISR2 IOS 15.0 router GRE over IPsec configuration problem

josephp
Level 1
Level 1

‎09-21-2010 09:12 PM - edited ‎03-04-2019 09:51 AM

Hi Folks,

I need a little help with configuration of a 2921 ISR2 router. I am trying to configure GRE over IPsec as a backup link (primary link is on a metro-ethernet) with OSPF. However I don't see an option to enable crypto isakmp policy #. I don't see an option to enable it, below is the show version and help options availble for crypto. Am I missing a step? or do I have the wrong IOS version?

###########

rtr01#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

rtr01 uptime is 2 weeks, 6 days, 7 hours, 52 minutes
System returned to ROM by reload at 15:30:50 UTC Wed Sep 1 2010
System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
         
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID <snip>
3 FastEthernet interfaces
3 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2921/K9          <snip>   

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot 
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      None          None          None
uc            None          None          None
data          None          None          None

Configuration register is 0x2102

rtr01#
rtr01#
rtr01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
vpnrtr01.nj3-1.sup(config)#crypto ?
  ca   Certification authority
  key  Long term key operations
  pki  Public Key components

rtr01(config)#crypto isakmp policy 10
                                  ^
% Invalid input detected at '^' marker.

rtr01(config)#

##############

Thank you in advanced.

Joe P.

Labels:
0 Helpful
1 Reply 1

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-21-2010 09:22 PM

It's because your IOS feature is "IP Base".  I believe GRE support require IP Services.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card