cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
135
Views
0
Helpful
2
Replies
Highlighted
Beginner

Cisco ISR4221 without security License - Is it still possible to create a VPN to a Firewall

Hi All,

 

Bit of a weird one here.

 

I have inherited a setup in which I have 4 ISR4221 routers with no security licenses so the ISR4221/k9 and not the ISR4221/SEC-K9

 

Is it still possible to set up VPNSs without the security license?

 

I had a goal of using these routers as OOB mgmt devices with S2S VPNs to our Fortigate VM in Azure but now i'm not sure if this is even possible with the current setup

 

The only options i get when using crypto for example is 

 

(config)#crypto ?
RSA-key-pair RSA key pair
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces

 

Any input would be greatly appreciated.

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Master

Re: Cisco ISR4221 without security License - Is it still possible to create a VPN to a Firewall

Hello @Dunner1991 ,

from the available options it looks like you can only use commands to make secure the management of the device for example the RSA keys are needed to be able to enable SSH but no commands available to secure / encrypt user traffic.

So you likely need the security license to enable encryption of user traffic.

You should contact your Cisco partner or reseller to get an offer for those four licenses.

 

Note: there may be a way to enable an evaluation license for 60 days but on the long term the licenses need to be purchased.

 

Hope to help

Giuseppe

 

 

View solution in original post

2 REPLIES 2
Highlighted
Hall of Fame Master

Re: Cisco ISR4221 without security License - Is it still possible to create a VPN to a Firewall

Hello @Dunner1991 ,

from the available options it looks like you can only use commands to make secure the management of the device for example the RSA keys are needed to be able to enable SSH but no commands available to secure / encrypt user traffic.

So you likely need the security license to enable encryption of user traffic.

You should contact your Cisco partner or reseller to get an offer for those four licenses.

 

Note: there may be a way to enable an evaluation license for 60 days but on the long term the licenses need to be purchased.

 

Hope to help

Giuseppe

 

 

View solution in original post

Highlighted
Beginner

Re: Cisco ISR4221 without security License - Is it still possible to create a VPN to a Firewall

HI @Giuseppe Larosa 

 

Thank you very much for the information

I had assumed VPN connectionsd were not possible from what i had read without the security license.

 

I will look into getting these licenses ASAP.

 

Thanks,

 

Mark