07-15-2019 09:42 AM - edited 07-15-2019 09:43 AM
Can a Cisco Isr 4431 be configured with a Ipsec IKEv2 Site to Site Tunnel to Azure?
Looking at the feature list it appears that IPsec is available for IOS-XE but when looking at the crypto command on the router there does not appear to be a isakmp option.
Below is the software version on the ISR and yes i am aware that i am a few version back i plan on updating the firmware as part of this.
Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5 (3)S5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Thu 19-Jan-17 09:28 by mcpre
Solved! Go to Solution.
07-15-2019 09:54 AM
HSEC license. ( you need license to work Crypto)
Table 3. Test Details for IPSec with Single and Multi Tunnel
IPsec Test Cases in IMIX |
IPsec Single Tunnel |
IPsec Multitunnel |
||||||
Model |
License |
Mbps |
Hitting Shaper |
CPU % |
Mbps |
Hitting Shaper |
CPU % |
|
4321 |
50 |
45 |
Yes |
23 |
45 |
Yes |
25 |
|
100 |
92 |
Yes |
44 |
92 |
Yes |
48 |
|
|
4331 |
100 |
92 |
Yes |
34 |
92 |
Yes |
36 |
|
300 |
279 |
Yes |
69 |
279 |
Yes |
73 |
|
07-15-2019 09:54 AM
HSEC license. ( you need license to work Crypto)
Table 3. Test Details for IPSec with Single and Multi Tunnel
IPsec Test Cases in IMIX |
IPsec Single Tunnel |
IPsec Multitunnel |
||||||
Model |
License |
Mbps |
Hitting Shaper |
CPU % |
Mbps |
Hitting Shaper |
CPU % |
|
4321 |
50 |
45 |
Yes |
23 |
45 |
Yes |
25 |
|
100 |
92 |
Yes |
44 |
92 |
Yes |
48 |
|
|
4331 |
100 |
92 |
Yes |
34 |
92 |
Yes |
36 |
|
300 |
279 |
Yes |
69 |
279 |
Yes |
73 |
|
07-15-2019 10:00 AM
Really, i need a license to enable a feature on device?
Reminds me of the Meraki line where the device basically bricks itself once your subscription runs out. But I kind of expected better from the Core cisco devices.
Is it a yearly subscription or a one time cost?
07-15-2019 12:00 PM
its one time cost..but for kit you need smartnet to RMA. (nothing free in the network world..eveything feature need to pay.
until you learn to get white box integrated with WAN / encryption integrated.
07-15-2019 12:16 PM
So if i got this right, I need both the general support contact for access to TAC and the HSEC license.
I have a support contract through a third party reseller, so i should just be able to get them to add the HSEC license and work with TAC to enable the feature right?
07-15-2019 12:50 PM
either way works, you can buy and install your self, or ask reseller to hekp you to install.
07-15-2019 01:15 PM
Neat thanks for your help. giving you the credit :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide