Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
648
Views
0
Helpful
3
Replies

4221 SDWAN and traditional VPN

talalmakki
Level 1
Level 1

‎08-29-2021 09:04 AM

Good day,

 

My company is considering migrating from 1921-SEC/K9 to the new ISR4000 series (4221 model to be specific).

Our current setup includes site-to-site IPVPN (a mix of IKEv1 and IKEv2) along with HSRP and static routing/DHCP server functions.

We were considering also adding some SDWAN boxes from another vendor but it came to my attention that the ISR4000 series can also do SDWAN.

My question is this: can both functions (SDWAN VPN and l2l IPVPN) coexist on the same router? if so, what license and software is required? 

What are the limitations?

PS. I have no experience with IOS-XE so for someone coming from a world of traditional IOS, what surprises and difficulties should I expect along the way?

 

Best regards,

Talal 

0 Helpful
3 Replies 3

Kanan Huseynli
VIP
VIP

‎08-29-2021 03:51 PM

Hi,

 

SD-WAN in general not technology that can be run between different vendors,hence you should not mix your network with SDWAN from different vendors. Even using one ISR4k in IOS XE SDWAN mode (controller mode) will note give you anything, but add more overhead (because you need to install,configure at least 3 controllers for SDWAN that are vbond/vsmart/vmanage).

You can read about SDWAN for example from design guide:

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html

 

In your case, it is better to use ISR4k in traditional way (autonomous mode). ISR4k supports what you mentioned (IKEv1/v2 IPSec/ DHCP Server/  HSRP/ Routing etc). By the way, you can do these features in SDWAN mode (controller mode) as well.

 

Below datasheet for ISR4:

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html

 

Regarding licensing, for traditional ISR4k you need at least Sec technology package for IPSEC. Additionally, you may need BOOST or PERFORMANCE or HSEC licenses if you channel bandwidth on WAN will be higher (read datasheet for details).

 

IOS XE is 95% the same with IOS (ISR1900/2900/3900 are IOS). So, no problem to use it.

 

HTH,

 

 

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

talalmakki
Level 1
Level 1
In response to Kanan Huseynli

‎08-30-2021 02:28 AM

Good day Kanan,

 

Thank you for your efforts but I am trying to find simple answers at this stage as I need to give a go or no-go to my company.

Scenario is simple:

two sites that have 4221/k9 routers need to communicate using SDWAN VPN. R1 is in the HQ, R2 is in site. R2 also needs to have traditional IPVPN to another Cisco box (a 1921-sec/k9 for example) that doesn't support SDWAN.

Will a single 4221 at the remote site be able to do this?

If yes, then what license/part number should I order for both locations (HQ and remote).

Design consideration/recommendations and why we need it this way is (at this point) mute.

 

best regards,

Talal

0 Helpful

Kanan Huseynli
VIP
VIP

‎08-30-2021 12:19 PM

Hi,

 

you are giving question that cant be answered without design, additional notes.

 

But anyway, two cisco routers ISR4221 can be in SDWAN mode and connect each other over SDWAN overlay.

Yes, the second router can have legacy IPSEC to 3rd party routers/firewalls.

 

But again, SDWAN is not simple 2 routers in SDWAN mode..

 

regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents