Solved: Re: Cisco 891-k9 VPN license

Ignat Sitnikov · ‎02-24-2012

Hello,

I have just purchased a Cisco 891-k9. I have purchased it to learn how to configure site to site VPNs. Below are my "sh version" and "sh license". Can somebody explain to me whether I have the ability to set up VPN. Also, if somebody can point me in a right direction where I can find out what exact features does my IOS and license support. I have bought this router used and not aware what image and license come on the brand new router. Thank you!

=============================================================================================

yourname(config)#do sh version
Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 29-Oct-10 00:19 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)

yourname uptime is 20 minutes
System returned to ROM by power-on
System image file is "flash:c890-universalk9-mz.150-1.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 891 (MPC8300) processor (revision 1.0) with 498688K/25600K bytes of memory.
Processor board ID FTX15040E4B

9 FastEthernet interfaces
1 Gigabit Ethernet interface
1 Serial interface
1 terminal line
1 Virtual Private Network (VPN) Module
256K bytes of non-volatile configuration memory.
244440K bytes of ATA CompactFlash (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO891-K9

License Information for 'c890'
License Level: advipservices Type: Permanent
Next reboot license Level: advipservices

Configuration register is 0x2102

=========================================================================================

yourname#sh lic
*Feb 25 00:56:54.739: %SYS-5-CONFIG_I: Configured from console by cisco on consolee
yourname#sh license
Index 1 Feature: advipservices
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: ios-ips-update
        Period Used: 0 minute 0 second
        License Type: Evaluation
        Start Date:         N/A, End Date: Dec 31 2025
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: SSL_VPN
        Period left: Not Activated
        Period Used: 0 minute 0 second
        License Type: Evaluation
        License State: Not in Use, EULA not accepted
        License Count: 100/0/0 (Active/In-use/Violation)
        License Priority: None

===========================================================================================

-Ignat Sitnikov

Marvin Rhoads · ‎02-25-2012

According to the product data sheet, the default license is Advanced IP services. This appears to be what you have. The IPS and SSL VPN feature is a license upgrade.

You should be able to build an IPSec tunnel with another router by following the CLI steps in the Configuration Guide. You can also do it via the GUI by using Cisco Configuration Professional (CCP). Many first time users struggle quite a bit using only the CLI - I'd suggest using te GUI and then analyzing the resultant configuration script to understand the various components of a VPN configuration

View solution in original post

Marvin Rhoads · ‎02-25-2012

According to the product data sheet, the default license is Advanced IP services. This appears to be what you have. The IPS and SSL VPN feature is a license upgrade.

You should be able to build an IPSec tunnel with another router by following the CLI steps in the Configuration Guide. You can also do it via the GUI by using Cisco Configuration Professional (CCP). Many first time users struggle quite a bit using only the CLI - I'd suggest using te GUI and then analyzing the resultant configuration script to understand the various components of a VPN configuration

Ignat Sitnikov · ‎02-25-2012

The whole point was to learn how to use firewall features and learn how to configure site to stie VPN using CLI. I have spoke with Cisco support today and I need to purchase securityk9 license to support 3des which is gonna cost more than i have aready spent on this router. Iam sending it back for a refund...It's a shame...Very nice router...

lotten1981 · ‎09-07-2013

I have same model router, 15.x AdvIPServices code, and licensing.

I have it operating with IPSec just fine, with users connecting using the Cisco VPN Client software.

SSL VPN requires a licensing upgrade.

This video helped a lot in setting up the IPSec

https://www.youtube.com/watch?v=xxC1DG47fuY

My biggest stumbling block is always mixing up the:

IPSec Group and Password (Phase 1)

and the

Username and Password (Phase 2)