cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
780
Views
5
Helpful
7
Replies

Dmvpn without IPSec

Network Pro
Level 1
Level 1

Hi,

i am aware dmvpn does not require IPSec to run but are there any issues of running this?

Also would any one know if we can use k9 license that supports IPSec in places like Israel, Russia and turkey? At the moment router has securityk9_npe license. Is this rule only for exporting and once the box is in country can we change license to security k9?

Thanks

7 Replies 7

rvarelac
Level 7
Level 7

Hi 

About the second question , I'm not totally sure, but I think the K9 license does not have restriction on any country, I've seen this license being used all around Central and South america as well most of Europa and Asia. 

The router VPN has a limitation outside US, for the throughput, in order to break this limitation you can purchase a H-SEC licence. 

-Randy-

Thanks

I cant seem to do show dmvpn - is this a code or license error or do i need to do anything to enable it ?

show dmvpn detail is the command you want to use if you have it configured

Regarding K9 yes you can use it in Israel we have sites there running crypto

i dony see any show dmvpn command at all - it says unrecognized - 15.5(3)S0c / isr4300-universalk9_npe.03.16.00c.S.155-3.S0c-ext.SP

Would you know in Russia and Turkey ?

Then the image unlikely supports dmvpn  , you can check exactly what features your image supports on software checker below

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

you should be fine for Turkey with Russia though from what I remember they regulate encrypted traffic through the government so its certain types of K9 software you need to use , that's definitely the way the wireless works anyway so I assume its probably the same for routers etc

i.e

Cisco Unified Wireless Network Software Release 1.9 for Cisco 5500 Series Wireless LAN Controllers with Licensed Payload Encryption.Only Recommended for Russia Where Data DTLS Payload Encryption is Regulated by the Government.  Login & Valid Contract Required
AIR-CT5500-LDPE-K9-1-9-0-0-FUS.aes
24-JAN-2014 15.21 MB

Related Information Minimize
Dashboard Information Sources
Select different information sources for access to relevant troubleshooting information.
Information Sources
Release Notes Security Advisories, Responses & Notices Documentation Support Community
Command References Field Notices
Related Information Release Notes Security Advisories, Responses & Notices Documentation Command References Field Notices

Details
Description: Cisco Unified Wireless Network Software Release 1.9 for Cisco 5500 Series Wireless LAN Controllers with Licensed Payload Encryption.Only Recommended for Russia Where Data DTLS Payload Encryption is Regulated by the Government.
Release: 1.9.0.0
Release Date: 24/Jan/2014
File Name: AIR-CT5500-LDPE-K9-1-9-0-0-FUS.aes
Size: 15.21 MB (15946452 bytes)
MD5 Checksum: 856f7f4e0b4ba057ab8dae1f30dfc5ea
SHA512 Checksum:
cc73c6cb5dc7d64dfd371b4d869f0309...
Release Notes for 1.9.0.0 | Security Advisory

would you know for ISR 4300 series also ? 

The laws in China and Russia state that if you have cryptographic equipment in their country by right they can have access to your systems or request your keys in terms of national security theres nothing you can do , the U.S are exactly the same only the issue with China and Russia is there likely state sponsored hacking

So no matter what you put in there country's by law they can have full access no matter what so you find a lot of companies based in these countries do not share intellectuals property through there connections , China you cant even export out of unless you have a presence in the country so we use VDI so our information is not shared across there networks at all but we can still have offices there

I don't have any sites in Russia but its the same as China and there are no real definite restrictions to what cant be used but even if you don't follow them and do have a standard K9 in there as LDPE may not be available for your platform , if they want access to it and its based on there soil they can get it.

If your doing things by the book you may need an export license first

http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html

This where your not allowed definite to have Cisco K9

Cisco solutions and products containing 64-bit or less encryption may be delivered to most end users worldwide, except to entities or end users in the following countries: Cuba, Iran, North Korea, Sudan, and Syria.

If this has answered your query's please rate the post as it makes it easier to find the answer when other users search for same problem

Review Cisco Networking for a $25 gift card