hi there -
I have a customer that ordered Cisco 8300 Series Cat to replace the C9200. Their expectation is to support some kind of IPSec. Either as a crypto map [old school] or VTI. I can't find any thing in the doc's that support that technology.
Where else should I be looking?
@Steytler the datasheets for the 8300 aren't very helpful and don't explictly state it, but assuming you are using the normal IOS-XE image it supports DMVPN and FlexVPN (VTI). Note that Policy Based VPN (crypto maps) have been depreciated from version 17.6.6 https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-xe-17/bulletin-c25-744830.html
There isn't a 'normal' ios xe code for the 8300. There is DNA...SDWAN...and universal[no payload encryption]. So then the choice is to purchase the SDWAN code and leave it in autonomous I suppose????
Cisco Catalyst 8300 and 8200 Series Edge Platforms with Cisco IOS XE SD-WAN Software deliver Cisco’s secure, cloud-scale SD-WAN solution for the branch. The Cisco Catalyst 8300 and 8200 Series Edge Platforms is built for high performance and integrated SD-WAN Services along with flexibility to deliver security and networking services together from the cloud or on premises. It provides higher WAN port density and a redundant power supply capability. The Cisco Catalyst 8300 and 8200 Series Edge Platforms have a wide variety of interface options to choose from—ranging from lower and higher module density with backward compatibility to a variety of existing WAN, LAN, LTE, voice, and compute modules. Powered by Cisco IOS XE, fully programmable software architecture, and API support, these platforms can facilitate automation at scale to achieve zero-touch IT capability while migrating workloads to the cloud. The Cisco Catalyst 8300 and 8200 Series Edge Platforms also come with Trustworthy Solutions 2.0 infrastructure that secures the platforms against threats and vulnerabilities with integrity verification and remediation of threats.
The Cisco Catalyst 8300 and 8200 Series Edge Platforms are well suited for medium-sized and large enterprise branch offices for high WAN IPsec performance with integrated SD-WAN services.
But BTW you must connect cisco for final decision, there is chance that order something that not fit your require.
I did see that and what came to mind was the 'autonomous' mode.
If we get a box with the sd-wan code and leave it in autonomous do we get all the routing features and can create VTI's?
I know - a call to cisco. My customer purchased these devices prior to me coming aboard and was told they would do payload encryption. No controllers and/or other services purchased.