
Basic VPN query

Brian Taylor
Level 1

We have a 2901 running IOS 15.5(3) that used to have VPN many years ago. However, there has been a request to set up a new VPN. I'm a bit rusty on this and there seem to be more Cisco options these days. So I'm after basic advice on how to proceed. For example, is the 2901 VPN option still ok? Should I be looking at "anyconnect" or an ASA device? Should I upgrade the 2901? Are other options better these days?

Also I saw this link - is this workable?

Thanks

4 Replies

Hello,

the first question would be: which 2901 do you have? The ISR-G2, or the first generation router? If you don't know, post the output of 'sh ver'. In the latter case, you cannot upgrade to a 17.x IOS version, so you are stuck with the maximum encryption (which your document seems to refer to). The biggest 'problem' will be that the 15.x version is rather outdated and does not support more modern, next-generation encryption...

@Brian Taylor the 2901 router is EOL. If you are looking to run remote access VPN you should look at the FPR1000 series hardware running either ASA or FTD image. 

A router does support RAVPN but it's traditionally more complex to set up and has fewer features than an ASA or FTD RAVPN.

Brian Taylor
Level 1

Thanks very much for your comments Georg and Rob. I'll look at your recommendations. The "sh ver" is below but it looks like a first gen router.

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.5(3)M5, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Cisco CISCO2901/K9 (revision 1.0) with 2506752K/114688K bytes of memory.
Processor board ID FCZ1519C1J7
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO2901/K9 FCZ1519C1J7

Suite License Information for Module:'c2900'

--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
datak9

AdvUCSuiteK9 None None None
uck9
cme-srst
cube


Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None

@Brian Taylor your hardware will support anyconnect RAVPN, with NGE. The Cisco recommended solution is FlexVPN. 

https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html