cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
248
Views
15
Helpful
3
Replies
ASAAD OSMAN
Beginner

Configure site to site IKEv2 ipsec

Hi 

We are planning to establish Site-to-Site IPsec VPN IKEv2, may I know what is the appropriate device to have with the appropriate licence.

thank you

1 ACCEPTED SOLUTION

Accepted Solutions

@ASAAD OSMAN No additional license required.

 

The universalk9—Contains the ipbasek9 base package and the securityk9, uck9, and appxk9 technology packages. The securityk9 technology package includes all crypto features, including IPsec, SSL/SSH, Firewall, and Secure VPN.

 

...but the HSECK9 license is required for a feature to have full crypto functionality. Without the HSECK9 license, only 225 secure tunnels and 85 Mbps of crypto bandwidth would be available. The HSECK9 license allows features in the securityk9 technology package to use the maximum number of secure tunnels and crypto bandwidth.

 

Reference here:-

https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg/bm_isr_4400_sw_config_guide_chapter_0101.html

 

View solution in original post

3 REPLIES 3
Rob Ingram
VIP Mentor

@ASAAD OSMAN 

You can configure Site-to-Site VPNs on Cisco ASA, Secure Firewall (FTD) or IOS-XE routers. The ASA and FTD require the base license and the Irouters requires the Security license.

 

 

thank you, Rob, for your prompt response,

if I purchased an ISR4221 router which has universalk9 ios version. Does it require purchasing any additional licenses to configure crypto IKEv2 ?

@ASAAD OSMAN No additional license required.

 

The universalk9—Contains the ipbasek9 base package and the securityk9, uck9, and appxk9 technology packages. The securityk9 technology package includes all crypto features, including IPsec, SSL/SSH, Firewall, and Secure VPN.

 

...but the HSECK9 license is required for a feature to have full crypto functionality. Without the HSECK9 license, only 225 secure tunnels and 85 Mbps of crypto bandwidth would be available. The HSECK9 license allows features in the securityk9 technology package to use the maximum number of secure tunnels and crypto bandwidth.

 

Reference here:-

https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg/bm_isr_4400_sw_config_guide_chapter_0101.html

 

View solution in original post