Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2881
Views
0
Helpful
4
Replies

1941 SEC/K9 IPSec Remote Access Licensing

Go to solution
roadhouse1387
Level 1
Level 1

‎05-15-2014 10:34 AM - edited ‎02-21-2020 07:38 PM

Hi All,

I have had some trouble trying to get a definitive answer on this and im hoping some can clear this up for me once and for all.

 

On the 1941 ISR G2 with the SECURITY technology license on IOS 15 .....

 

  1. Are IPSec Remote Access VPN's supported ?
  2. If so, Do I need to buy any other feature licenses for 'seat' count ? (SSLVPN for example , even though I dont intend to use SSLVPN, only IPSec remote access)

 

Short and sweet smiley

 

Thanks for the help everyone

Cheers

Shaun

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-15-2014 11:08 AM

The Security technology licenses suffices.

Please refer to this Q&A which states:

Q. What tunnel count and performance throughput are available on the Cisco ISR G2 routers with the SECK9 license?
A. The SEC-K9 permanent licenses apply to the Cisco 1900, 2900, and 3900 ISR G2 platforms; these licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions.
The SEC-K9 license limits encrypted throughput to less than or equal to 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. This requirement applies for the Cisco 1900, 2900, and 3900 ISR G2 platforms.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-15-2014 11:08 AM

The Security technology licenses suffices.

Please refer to this Q&A which states:

Q. What tunnel count and performance throughput are available on the Cisco ISR G2 routers with the SECK9 license?
A. The SEC-K9 permanent licenses apply to the Cisco 1900, 2900, and 3900 ISR G2 platforms; these licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions.
The SEC-K9 license limits encrypted throughput to less than or equal to 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. This requirement applies for the Cisco 1900, 2900, and 3900 ISR G2 platforms.

0 Helpful

Go to solution
roadhouse1387
Level 1
Level 1
In response to Marvin Rhoads

‎05-15-2014 11:24 AM

Hi Marvin,

Many thanks for your help.

I have that document and it doesn't really give me the answers. I can see that the SEC license supports IPSec site-to-site VPN's but does it support IPSec Remote Access as in client IPSec VPN's ? Is it saying that it supports 225 tunnels of any type, including IPSec remote access ?

The second question was more about trying to find out if say, an any-connect user connected using IPSec, would IOS look to use an SSLVPN license count as it does on an ASA for example. And hence, will i need SSLVPN feature licenses as well ?

Many Thanks again Marvin

Cheers

Shaun

0 Helpful

Go to solution
roadhouse1387
Level 1
Level 1
In response to Marvin Rhoads

‎05-15-2014 11:28 AM

Apologies Marvin,

I have just noticed this at the head of your reply.

The Security technology licenses suffices.

Thanks again.

Shaun

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to roadhouse1387

‎05-15-2014 11:50 AM

You're welcome.

I try to answer the questions a bit more comprehensively most of the time so that future searchers can find not only the answer to your specific question but also the more general case.

An AnyConnect client using IPsec would have to be over IKEv2 (requires IOS 15.2(1)T or later). In that case, the SEC license continues to suffice.

Only when you configure and connect via clientless SSLVPN is the SSLVPN feature license required (in addition to the prerequisite SEC license).

Hope this clears it up. Please rate and mark your question as answered if it is.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents