New Cisco 881 License Issues

clyded · ‎01-16-2014

I have two new 881 units and it appears that the crypto engine is not running on both units. Logs show that it is not even trying to connect. The MN=CISCO881-Sec-K9 V01 and I have bought these units in the past (1-2 years ago) and the advsecurity license was on by default. I have had no problems in the past with these units. The new Cisco license model has changed this to a more complecated task.

Now it seems like you have to tell the unit to use this IOS, but after jumping through all of these hoops it still states that it needs a reboot (did this several times and it state the same thing). I have read many blogs of people having simular issues, but no answer. Does anyone know how to fix this issue?

I entered in the "lic boot mod c880-data level advsecurity" command and all aof the "end user" license agreement commands as well....

and rebooted the unit .... still does not work....

------------------------------------------------------------------

License Information for 'c880-data'
License Level: advsecurity Type: Permanent
Next reboot license Level: advsecurity

Configuration register is 0x2102

---------------------------------------------------------------

sho lic

Index 1 Feature: advipservices
        Period left: Life time
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: advsecurity
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 3 Feature: ios-ips-update
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 4 Feature: SSL_VPN
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: 0/0 (In-use/Violation)
        License Priority: None

sho lic feat

Feature name             Enforcement Evaluation Subscription   Enabled RightToUse
advipservices            yes          yes         no             no       yes
advsecurity              no           no          no             yes      no
ios-ips-update           yes          yes         yes            no       yes
SSL_VPN                  yes          yes         no             no       yes

sho ver

Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 16-Feb-12 02:58 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

VPN881 uptime is 18 minutes
System returned to ROM by reload at 17:05:04 CST Thu Jan 16 2014
System restarted at 17:05:36 CST Thu Jan 16 2014
System image file is "flash:c880data-universalk9-mz.150-1.M8.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
Processor board ID FTX162****

5 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO881-SEC-K9 FTX16*****C

License Information for 'c880-data'
License Level: advsecurity Type: Permanent
Next reboot license Level: advsecurity

Configuration register is 0x2102

clyded · ‎01-16-2014

here is the crypto info.....

crypto isakmp policy 1

encr aes 256

authentication pre-share

crypto isakmp key xxxxxxxx address xx.xx.xx.xx

!

crypto ipsec transform-set 123 esp-aes 256

!

crypto map test-CMap 10 ipsec-isakmp

set peer xx.xx.xx.xx

set transform-set 123

match address xx

!

interface FastEthernet4

description WAN

ip address xx.xx.xx.xx 255.255.255.252

shutdown

duplex auto

speed auto

crypto map test-CMap

sho crypto isakmp sa

IPv4 Crypto ISAKMP SA
dst src state conn-id status

IPv6 Crypto ISAKMP SA

sho crypto engine bri

        crypto engine name: Virtual Private Network (VPN) Module
        crypto engine type: hardware
                     State: Enabled
                  Location: onboard 0
              Product Name: Onboard-VPN
                FW Version: 1
              Time running: 2059 seconds
               Compression: Yes
                       DES: Yes
                     3 DES: Yes
                   AES CBC: Yes (128,192,256)
                  AES CNTR: No
     Maximum buffer length: 4096
          Maximum DH index: 0050
          Maximum SA index: 0050
        Maximum Flow index: 0100
      Maximum RSA key size: 0000

        crypto engine name: Cisco VPN Software Implementation
        crypto engine type: software
             serial number: F50******
       crypto engine state: installed
     crypto engine in slot: N/A