02-03-2016 07:00 AM - edited 03-05-2019 03:15 AM
I have an issue with an 1941 router - I am unable to get the SSL VPN working.
I believe the router should be enabled for SSL as its on the Version 15.3(3)M7 IOS. This should have the RTU license feature. Is there a way to enable this for the SSL VPN? I have the correct Security feature on the router.
#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: NtwkEssSuitek9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: hseck9
Index 7 Feature: mgmt-plug-and-play
Index 8 Feature: mgmt-lifecycle
Index 9 Feature: mgmt-assurance
Index 10 Feature: mgmt-onplus
Index 11 Feature: mgmt-compliance
02-03-2016 07:42 AM
Have you ran the command license right-to-use ?
thought you needed a separate license with securityk9 for ssl thought that only covered IPsec vpns on 1900 but could be wrong
Cisco IOS SSL VPN is a licensed feature available on Cisco routers running the Cisco IOS Advanced Security feature set
http://www.cisco.com/c/en/us/products/collateral/security/ios-sslvpn/product_data_sheet0900aecd80405e25.html
02-03-2016 07:50 AM
If your right I'm not sure what I'm supposed to be telling the router - what WORD?
Router#license right-to-use move ?
WORD license name
I've been advised by the license reseller that I don't need to load any licenses onto the router.
02-03-2016 07:59 AM
do you have a command show license feature , it should show if ssl is enabled
02-03-2016 08:03 AM
The output of the show license feature command is below -
show | license | feature | ||||
Feature | name | Enforcement | Evaluation | Subscription | Enabled | RightToUse |
ipbasek9 | no | no | no | yes | no | |
securityk9 | yes | yes | no | yes | yes | |
datak9 | yes | yes | no | no | yes | |
NtwkEssSuitek9 | yes | yes | no | no | yes | |
ios-ips-update | yes | yes | yes | no | yes | |
hseck9 | yes | no | no | no | no | |
mgmt-plug-and-play | yes | no | no | no | no | |
mgmt-lifecycle | yes | no | no | no | no | |
mgmt-assurance | yes | no | no | no | no | |
mgmt-onplus | yes | no | no | no | no | |
mgmt-compliance | yes | no | no | no | no |
02-03-2016 08:40 AM
I don't think that covers you don't even see ssl and as well this is what I was saying about needing separate licences for ssl as you do on asa too and 2921 below
https://supportforums.cisco.com/discussion/11659376/ssl-vpn-licensing-cisco-isr-g2-2921
The routers im checking all specifically show ssl under the features
#show license feature
Feature name Enforcement Evaluation Subscription
ipbasek9 no no no
securityk9 yes yes no
datak9 yes yes no
SSL_VPN yes yes no
ios-ips-update yes yes yes
02-04-2016 03:27 AM
Did you have any ;luck getting a definite answer on this , the license team should be able to answer it by an email for you if not
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide