Showing results for 
Search instead for 
Did you mean: 

Basic VPN query

Brian Taylor

We have a 2901 running IOS 15.5(3) that used to have VPN may years ago. However there has been a request to set up a new VPN. I'm a bit rusty on this and there seem to be more Cisco options these days. So I'm after basic advice on how to proceed. For example is the 2901 VPN option still ok? Should I be looking at "anyconnect" or an ASA device? Should I upgrade the 2901? Are other options better these days? 

Also I saw this link - is this workable?


4 Replies 4


the first question would be: which 2901 do you have ? The ISR-G2, or the first generation router ? If you don't know, post the output of 'sh ver'. In the latter case, you cannot upgrade to a 17.x IOS version, so you are stuck with the maximum encryption (which your document seems to refer to). The biggest 'problem' will be that the 15.x version is rather outdated and does not support more modern, next-generation encryption...

@Brian Taylor the 2901 router is EOL. If you are looking to run remote access VPN you should look at the FPR1000 series hardware running either ASA or FTD image. 

A router does support RAVPN but it's traditionally more complex to setup and has less features than an ASA or FTD RAVPN.

Brian Taylor

Thanks very much for your comments Georg and Rob. I'll look at your recommendations. The "sh ver" is below but it look like a first gen router.

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.5(3)M5, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Cisco CISCO2901/K9 (revision 1.0) with 2506752K/114688K bytes of memory.
Processor board ID FCZ1519C1J7
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)
Device# PID SN
*1 CISCO2901/K9 FCZ1519C1J7

Suite License Information for Module:'c2900'

Suite Suite Current Type Suite Next reboot
FoundationSuiteK9 None None None

AdvUCSuiteK9 None None None

Technology Package License Information for Module:'c2900'

Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None

@Brian Taylor your hardware will support anyconnect RAVPN, with NGE. The Cisco recommended solution is FlexVPN.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: