cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4709
Views
0
Helpful
6
Replies

Configuring a Cisco ISR 4431 for Ipsec Ikev2 site to site tunnel to Azure

Zygodactyl
Level 1
Level 1

Can a Cisco Isr 4431 be configured with a Ipsec IKEv2 Site to Site Tunnel to Azure?

 

Looking at the feature list it appears that IPsec is available for IOS-XE   but when looking at the crypto command on the router there does not appear to be a isakmp option. 

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html

 

Below is the software version on the ISR and yes i am aware that i am a few version back i plan on updating the firmware as part of this.

Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5 (3)S5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Thu 19-Jan-17 09:28 by mcpre

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

 HSEC license. ( you need license to work Crypto)

 

Table 3.       Test Details for IPSec with Single and Multi Tunnel

IPsec Test Cases in IMIX

IPsec Single Tunnel

IPsec Multitunnel

 
 

Model

License

Mbps

Hitting Shaper

CPU %

Mbps

Hitting Shaper

CPU %

 

4321

50

45

Yes

23

45

Yes

25

 

100

92

Yes

44

92

Yes

48

 

4331

100

92

Yes

34

92

Yes

36

 

300

279

Yes

69

279

Yes

73

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

 HSEC license. ( you need license to work Crypto)

 

Table 3.       Test Details for IPSec with Single and Multi Tunnel

IPsec Test Cases in IMIX

IPsec Single Tunnel

IPsec Multitunnel

 
 

Model

License

Mbps

Hitting Shaper

CPU %

Mbps

Hitting Shaper

CPU %

 

4321

50

45

Yes

23

45

Yes

25

 

100

92

Yes

44

92

Yes

48

 

4331

100

92

Yes

34

92

Yes

36

 

300

279

Yes

69

279

Yes

73

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Really, i need a license to enable a feature on device?

Reminds me of the Meraki line where the device basically bricks itself once your subscription runs out. But I kind of expected better from the Core cisco devices. 

 

Is it a yearly subscription or a one time cost?

its one time cost..but for kit you need smartnet to RMA. (nothing free in the network world..eveything feature need to pay.

 

until you learn to get white box integrated with WAN / encryption integrated.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

So if i got this right, I need both the general support contact for access to TAC and the HSEC license. 

 

I have a support contract through a third party reseller, so i should just be able to get them to add the HSEC license and work with TAC to enable the feature right?

either way works, you can buy and install your self, or ask reseller to hekp you to install.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Neat thanks for your help. giving you the credit :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: