cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

228
Views
0
Helpful
2
Replies
Beginner

crypto ipsec profile command missing for IKEv2 VTI VPN

I have a 5506 with 9.8 (device 1).  If I issue crypto ipsec ? Profile is not an option.  This command appears to be needed for IKEv2 VTI to Azure route based VPN.  (Device 2) does show the option with the same command.  I cannot tell what feature set (device 1) is missing.  Any hints appreciated.
 
crypto ipsec ikev2 ipsec-proposal AZURE-PROPOSAL
protocol esp encryption aes-256
protocol esp integrity sha-256
crypto ipsec profile “some name”
 
device 1
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
 
Device 2
Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 300            perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 300            perpetual
Total VPN Peers                   : 300            perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 1000           perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual
VPN Load Balancing                : Enabled        perpetual

Everyone's tags (1)
2 REPLIES 2
VIP Advisor

Re: crypto ipsec profile command missing for IKEv2 VTI VPN

In asa you don't use ipsec profile for IKEv2. This is used in IOS ikev2
Highlighted
Beginner

Re: crypto ipsec profile command missing for IKEv2 VTI VPN

According to this cisco article you do  "Configure ASA IPsec VTI Connection to Azure"

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/214109-configure-asa-ipsec-vti-connection-to-az.html

 

One device has the command and the other does not.  I am assuming it is some license feature that explains the differance.

 

 

wes