Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
3
Replies

Regarding Site to Site VPN in Routers

Janardhan Meesala
Level 1
Level 1

‎07-22-2011 02:51 AM - edited ‎03-07-2019 01:21 AM

Dear Experts!!!!!!!!!!

I am using two routers to configure site to site VPN.

one is Cisco 2811 and another one is Cisco 1841 router.

Is we need any license to configure IPSec VPN between these routers.

I am giving sh version output for your reference.

ISCO-2811R#sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(22)YB7
, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 27-Sep-10 19:05 by prod_rel_team

ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

CISCO-2811R uptime is 16 minutes
System returned to ROM by reload at 06:55:16 UTC Fri Jul 22 2011
System image file is "flash:c2800nm-advsecurityk9-mz.124-22.YB7.bin"

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2811 (revision 53.50) with 237568K/24576K bytes of memory.
Processor board ID FHK1114F3PQ
6 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

CISCO-2811R#

CISCO-1841R#sh ver
CISCO-1841R#sh version
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(18c), RE
LEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 05-Sep-08 12:23 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

CISCO-1841R uptime is 18 minutes
System returned to ROM by reload at 06:49:12 UTC Fri Jul 22 2011
System image file is "flash:c1841-advsecurityk9-mz.124-18c.bin"

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.
Processor board ID FHK114420AA
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

CISCO-1841R#

Please advice me to go further...

Regards,

Janardhan

Labels:
0 Helpful
3 Replies 3

Latchum Naidu
VIP Alumni
VIP Alumni

‎07-22-2011 05:45 AM

Hi Janardhan,

You have the suitable IOS version which is ADVSECURITYK9 in both of your routers. You need to buy or get any extra license to configure IPSec VPN tunnel between these routers.

And you have the onboard AIM module also where the encrypted part will not effect on the actual CPU.

You can straightly go ahead with forming vpn tunnel between.
If you need any help regarding vpn tunnel defining. Please let me know so that I can assist you.


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

Janardhan Meesala
Level 1
Level 1
In response to Latchum Naidu

‎07-22-2011 06:18 AM

Dear Naidu garu,

Give me a clarity whether i need license or not????

Becaz i already configured IPSec between these routers and i seen tunnel came up but i was unable to ping other side of the client system.

And i able to ping  other side inside interface but not vice-versa????

Please give me a suggestion to go further???

Regards,

Janardhan

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to Janardhan Meesala

‎07-25-2011 12:24 AM

Hi Janardhan,

As long as you have the k9 bundle and also the AIM module there is not need to have any other license.
And your vpn tunnel is up.

The issue why you are unable to ping remote client pc's there are many things you need to check...

1. Check the access-lists at both ends you applied under the vpn tunnel. If they gave tcp instead of ip then it wond ping.
2. Check the second phase "sh cry ipsec sa" check the status which should be "Active" and check what networks learning through the tunnel.
3. The access-lists at both ends needs to be same.

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful
Customers Also Viewed These Support Documents