Re: ikev2 ipsec vpn on cisco router 2900 cant find the commands

amralrazzaz · ‎05-06-2020

hi all,

i have a cisco router 2900, IOS software version of 15.4(3)M1.

I tried to setup a site to site ipsec vpn on my router and type 'crypto ikev2 proposal prop_1',

on the configuration mode. the router is not accepting the command. when i do 'crypto ?', i can only

see key- long term key operation

pki- public key components.

please am confuse now. i need someone help. i need to set the sits to site up. i have successfully configured my asa (peer).

here you are show version :

CISCO2911-EGCAI01#show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sat 25-Oct-14 03:34 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

CISCO2911-EGCAI01 uptime is 2 hours, 14 minutes
System returned to ROM by reload at 14:10:27 EET Wed May 6 2020
System restarted at 14:12:41 EET Wed May 6 2020
System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
--More--

compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ190360AM
3 Gigabit Ethernet interfaces
1 terminal line
8 Voice FXO interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO2911/K9 FCZ190360AM

Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
NtwkEss None None None
CollabPro None None None

Configuration register is 0x2102

CISCO2911-EGCAI01#

amr alrazzaz

Rob Ingram · ‎05-06-2020

Hi,

Unfortunately it looks like you don't have a security license, which would allow you to configure an IPSec VPN.

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None

HTH

amralrazzaz · ‎05-06-2020

is there any hope for doing this ?

can i know it is available ? please

i really need this urgent and dont know how to solve this or from where to get license ?

or its belongs to image issue or what :)? kindly help if u able please

it urgent for me please many super thanks

amr alrazzaz

Rob Ingram · ‎05-06-2020

If you need to urgently you could activate an evalution license for security, you should then contact your cisco partner to purchase the license. Hopefully you can get the new license before the evaluation license expires.

This link has steps to show you how to enable an evaluation license.

https://www.cisco.com/c/en/us/td/docs/routers/access/sw_activation/SA_on_ISR.html

HTH

amralrazzaz · ‎05-06-2020

just need to know:

- can o conatct any cisco partner ship or the company who purshaced this from it and if its from long time and i didnt get their conact can i find another cisco partner?!

- in my case is there many kind of license or only one for all ? as u know sir i need this for crypto ikev2 ipsecf vpn site to site -whats the name of the license in my case?! and is it available on market?! and how mush estimated

many thanks for ur great help

config

- how much

amr alrazzaz

Rob Ingram · ‎05-06-2020

The part number is "SL-29-SEC-K9" (Security License for Cisco 2901-2951. Works with universalk9 image)

You can order from any partner, though I am not 100% sure if you can still purchase the license as the hardware is old. Contact a partner, provide the part number and see what they say.

I imagine the cost would be approx $400-600

HTH

amralrazzaz · ‎05-06-2020

so when i got this license all the sec options and commands such as ikev2 and all crypto commands for site to site vpn will be activated and shown to me

may i ask please if the license features including ikev2 or only ikev1

?!

amr alrazzaz

amralrazzaz · ‎05-06-2020

so when i got this license all the sec options and commands such as ikev2 and all crypto commands for site to site vpn will be activated and shown to me

may i ask please if the license features including ikev2 or only ikev1

?!

amr alrazzaz

Rob Ingram · ‎05-07-2020

Yes, the cisco 2911 router with the IOS version you are running supports IKEv2 and IKEv1

amralrazzaz · ‎05-10-2020

is there any difference between SL-29-SEC-K9 and L-SL-29-SEC-K9 ? both can enable the security features ?

amr alrazzaz

Rob Ingram · ‎05-10-2020

Delivery of PAKs can be paper based or electronic. Paper based PAKs begin with SL- for technology package licenses and FL- for Feature licenses. Customers ordering paper based PAKs are sent a software claim certificate by mail identifying their PAK string. Below is the example of a PAK.

Electronic PAKs begin with L-SL for technology package licenses and L-FL for Feature licenses. Customers ordering an electronic PAK receive an email which points to a secure portal where they can download a pdf file containing the PAK information shown above. This information is sent to the customer in a matter of minutes after purchase.

Reference here.

amralrazzaz · ‎05-10-2020

so in my case when i would like to order the security license with full features what is the part number ?

is it same what mentioned to me before SL-29-SEC-K9 ?

also the sec license by default came with full features ? or there are levels of license like full features and half features ?

because im afraid after install the license it will not open full security features that supporting all commands when i configure IKEv2 ?? and supporting all Encryption algorithm and Authentication algorithm ?

at last i would like to thank u very much for ur great information u really helpful appreciate sir

amr alrazzaz

Rob Ingram · ‎05-10-2020

You may wish to order the electronic license, as you should receive this almost immediately, via an email containing a link to the eDelivery application. A paper license would be sent via mail.

It should come with all the security features and support the latest algorithms.

HTH