ASR1K and SSL VPN

I am having problems finding information on SSL VPN for ASR1K. When we bought the boxes we were told that SSL VPN was on the software roadmap, but that was back in 2010 and now I can't find anything, nor can I get any good information.

Does anyone have a recommendation on what to do or who to ask?

13 Replies

Jennifer Halim
Cisco Employee

No, unfortunately SSL VPN is not released yet on ASR1K platform. It is in the roadmap but there is no confirmed date on when it will actually be released.

Thank you for the info, but it does not really tell me anything. The release date Cisco gave me back in 2010 was Q2 2011; now that has long passed and no SSL VPN on the ASR.

What does "on the roadmap" really mean? It sounds like it is as uncommitted as can be.

Please contact your Cisco Account Manager as he/she would be able to provide further information.

There is normally a long list of features to be added into the product, and SSL VPN is one of them that has been requested to be included on ASR. However, depending on demands, it might be on top of the roadmap list, or towards the bottom of the list. Your Cisco AM should be able to obtain information from the product team.

Aries Fernandes
Cisco Employee

ASR1K will be supporting SSLVPN in the upcoming XE-3.16 release and in the XE-3.15.1 release.

These releases are out. Is SSLVPN supported in ASR1K and ASR1002-X routers with this release?

Yes, please use ASR1002-x for SSLVPN. It's supported in ASR1001-x / ASR1002-x and RP2's which support ESP100 and ESP200.

I will confirm if even RP1's are supported as well by Monday:

RP1's are NOT recommended for usage with ESP100. This may boot up, but may not function properly. It has not been validated. Please use RP2's when using ESP100 / ESP200.

Please do let us know if you need any information related to configuration.

Thanks,

Aries,

I have some questions: one, you have that information on configuration and when I look at it; and two, does this configuration also work on the ASR1K4-RP2? How well does it operate with an already stable ASA/CP-MBR1400 environment? Will I have to reconfigure all S2S VPN connections?

Hi James,

ASR1K4 [ASR1004] with RP2 is not supported unfortunately since it doesn't support our ESP100 / ESP200.

This may help for configuration:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/xe-3s/sec-conn-sslvpn-xe-3s-book/sec-conn-sslvpn-ssl-vpn.html

If you need more information with the configuration, let us know, we will see what more we can provide.

As for your established S2S connections, I doubt that will be impacted in any way, but I will cross-check with our folks here and will get back on this one.

Hi Aries,

Could you share any sizing info? i.e. max sessions per type of hardware?

Hi,

Unfortunately on ASR1K we have not officially claimed support :-(

However, we do support SSLVPN on CSR1000v [virtualized version of ASR1K] which supports a maximum of 250 connections with approximately 30 Mbps throughput.

Thanks,

Aries

I am confused.

I quickly checked on a test 1002 with 3.14S and I am able to enter crypto ssl proposal/policy/profile commands. So, it is available.

Also, 8 months ago support was announced in this (official) forum.

So what is unofficial about it? When is it "officially" planned for according to the roadmap?

I can understand your confusion, since I was the one who did state it will be supported in the above thread. I just confirmed with my team internally before telling you that this is not supported on ASR1K and supported only on CSR1000v.

The commands are all present and for all I know SSLVPN will work. However, when you come across any issues when using SSLVPN, that is when you will hear this from the field. This is the only concern.

However, if you are looking at any deployment scenario and would like to share it with us, let me know. I can check with our internal and see if there is any provision / image which they are willing to remotely support.

Thanks,

Aries

Thank you for clarifying this.

So, is it on the roadmap for the ASR1k? If yes, in which release?