Easy VPN Remote Configuration - IOS XE

Carl Duvall · ‎07-08-2015

Does anyone have any information on configuring Easy VPN (EZVPN) Remote on an IOS XE device? Specifically on a 4300 series ISR. Again, I am looking for the REMOTE config, and not the SERVER config.

When I try to go into the ezvpn configuration mode, it acts like it is not available:

VPN01(config)#crypto ipsec client ?
% Unrecognized command

I am currently running an eval security license until my VAR can get me correct license:

VPN01#sh ver
Cisco IOS XE Software, Version 03.15.00.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Sun 22-Mar-15 02:32 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

VPN01 uptime is 22 hours, 33 minutes
Uptime for this control processor is 22 hours, 34 minutes
System returned to ROM by reload
System image file is "bootflash:/isr4300-universalk9.03.15.00.S.155-2.S-std.SPA.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Technology Package License Information:

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
appx             None             None             None
uc               None             None             None
security         securityk9       EvalRightToUse   securityk9
ipbase           ipbasek9         Permanent        ipbasek9

cisco ISR4321/K9 (1RU) processor with 1666224K/6147K bytes of memory.
Processor board ID FLM1924W09S
10 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3223551K bytes of flash memory at bootflash:.

Configuration register is 0x2102

Thanks in advance.

Carl Duvall · ‎07-10-2015

Well, I answered my own question.

Got in touch with Cisco and they stated that EZVPN Remote is not a capability on the 4321 platform. It can however do EZVPN Server (which is not what I need).

Darrell Lawson Jr · ‎02-15-2017

Hello Carl, I'm running into this same issue. Did you ever find a way around this?

ncowger · ‎02-15-2017

No, EZVPN client is not supported.

Carl Duvall · ‎02-16-2017

Cisco's recommendation was to migrate to DMVPN, which did work (and fairly well), but it was still a migration process and EZVPN is no longer supported.