Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2479
Views
0
Helpful
2
Replies

IPsec on 2951

Go to solution
SSG.Mueller
Level 1
Level 1

‎08-31-2011 04:23 AM - edited ‎02-21-2020 05:33 PM

Hello Everyone.

     I'm looking for a little help with setting up IPsec for a DMVPN between a 2811 and 2951s in a test lab.  I have enabled IPsec on the hub (2811) but I am unable to do so on either of the 2951s.  After researching, it seems that I may have the incorrect IOS for this, but I am at a loss which IOS I should be using. Currently the 2951s are on "c2951-universalk9-mz.SPA.151-2.T2.bin" and the only crypto options are

(config)#crypto ?

  ca   Certification authority

  key  Long term key operations

  pki  Public Key components

while on the 2811 I get:

WIN-T(config)#crypto ?

  ca            Certification authority

  call          Configure Crypto Call Admission Control

  ctcp          Configure cTCP encapsulation

  dynamic-map   Specify a dynamic crypto map template

  engine        Enter a crypto engine configurable menu

  gdoi          Configure GDOI policy

  identity      Enter a crypto identity list

  ipsec         Configure IPSEC policy

  isakmp        Configure ISAKMP policy

  key           Long term key operations

  keyring       Key ring commands

  logging       logging messages

  map           Enter a crypto map

  mib           Configure Crypto-related MIB Parameters

  pki           Public Key components

  provisioning  Secure Device Provisioning

  wui           Crypto HTTP configuration interfaces

  xauth         X-Auth parameters

These are all hand me downs, so I'm not sure what features the all have.  Any info would be greatly appreciated.

Regards

SSG M

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎08-31-2011 07:02 AM

Welcome to Cisco Licensing.   The ISRG2 have a universal IOS image and features are unlocked via a licensing model.   There are no more pre-compiled images for the ISRG2s (Advipservices, ipbase,ect...).

There is an evaluation license that can be turned on and is good for 60 days to get services up and running.

execute:

C1921(config)#license boot module c1900 technology-package securityk9

The syntax for a 2951 will be slightly different.   After executing this command reboot the router and you will have access to all the security features.   During the 60 day evaluation license you should purchase a permanent security license and install it on the router.

- Dan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎08-31-2011 07:02 AM

Welcome to Cisco Licensing.   The ISRG2 have a universal IOS image and features are unlocked via a licensing model.   There are no more pre-compiled images for the ISRG2s (Advipservices, ipbase,ect...).

There is an evaluation license that can be turned on and is good for 60 days to get services up and running.

execute:

C1921(config)#license boot module c1900 technology-package securityk9

The syntax for a 2951 will be slightly different.   After executing this command reboot the router and you will have access to all the security features.   During the 60 day evaluation license you should purchase a permanent security license and install it on the router.

- Dan

0 Helpful

Go to solution
SSG.Mueller
Level 1
Level 1
In response to Dan Frey

‎01-31-2012 06:09 AM

Sorry it took me so long to get back to you, this project was put on hold for quite some time.  I'm very grateful for the info about licensing.  Looks like I have to get some more money for this.  Again, thanks!

Regards
SSG M

0 Helpful
Customers Also Viewed These Support Documents