05-15-2014 10:34 AM - edited 02-21-2020 07:38 PM
Hi All,
I have had some trouble trying to get a definitive answer on this and im hoping some can clear this up for me once and for all.
On the 1941 ISR G2 with the SECURITY technology license on IOS 15 .....
Short and sweet
Thanks for the help everyone
Cheers
Shaun
Solved! Go to Solution.
05-15-2014 11:08 AM
The Security technology licenses suffices.
Please refer to this Q&A which states:
Q. What tunnel count and performance throughput are available on the Cisco ISR G2 routers with the SECK9 license?
A. The SEC-K9 permanent licenses apply to the Cisco 1900, 2900, and 3900 ISR G2 platforms; these licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions.
The SEC-K9 license limits encrypted throughput to less than or equal to 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. This requirement applies for the Cisco 1900, 2900, and 3900 ISR G2 platforms.
05-15-2014 11:08 AM
The Security technology licenses suffices.
Please refer to this Q&A which states:
Q. What tunnel count and performance throughput are available on the Cisco ISR G2 routers with the SECK9 license?
A. The SEC-K9 permanent licenses apply to the Cisco 1900, 2900, and 3900 ISR G2 platforms; these licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), Secure Sockets Layer VPN (SSL VPN), a secure time-division multiplexing (TDM) gateway, and secure Cisco Unified Border Element (CUBE) and 1000 tunnels for Transport Layer Security (TLS) sessions.
The SEC-K9 license limits encrypted throughput to less than or equal to 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. This requirement applies for the Cisco 1900, 2900, and 3900 ISR G2 platforms.
05-15-2014 11:24 AM
Hi Marvin,
Many thanks for your help.
I have that document and it doesn't really give me the answers. I can see that the SEC license supports IPSec site-to-site VPN's but does it support IPSec Remote Access as in client IPSec VPN's ? Is it saying that it supports 225 tunnels of any type, including IPSec remote access ?
The second question was more about trying to find out if say, an any-connect user connected using IPSec, would IOS look to use an SSLVPN license count as it does on an ASA for example. And hence, will i need SSLVPN feature licenses as well ?
Many Thanks again Marvin
Cheers
Shaun
05-15-2014 11:28 AM
Apologies Marvin,
I have just noticed this at the head of your reply.
The Security technology licenses suffices.
Thanks again.
Shaun
05-15-2014 11:50 AM
You're welcome.
I try to answer the questions a bit more comprehensively most of the time so that future searchers can find not only the answer to your specific question but also the more general case.
An AnyConnect client using IPsec would have to be over IKEv2 (requires IOS 15.2(1)T or later). In that case, the SEC license continues to suffice.
Only when you configure and connect via clientless SSLVPN is the SSLVPN feature license required (in addition to the prerequisite SEC license).
Hope this clears it up. Please rate and mark your question as answered if it is.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide