Re: Remote VPN configuration C1111

bogdanscekic · ‎11-01-2023

I have one client that want's me to configure IPSec Remote VPN through his Cisco Router C1111 model. I have seen that i need security license for it to work.
Is it possible to configure at least SSL VPN or are there any other types of Remote VPN services that are support without buying Security Licence?

Best regards,
Bogdan

Rob Ingram · ‎11-01-2023

@bogdanscekic VPN's on Cisco routers require the security license. https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-routers-isr/datasheet-c78-739512.html

You will also require AnyConnect/Secure Client licenses, 25 licenses is the minimum you can purchase.

The supported Remote Access VPN solution on Cisco routers is FlexVPN. https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

bogdanscekic · ‎11-02-2023

Okay, so let's sum up things. First we would have to buy security license, we got offer for this license SL-1100-8P-SEC=, our router is with 8 port's. Then after buying this license we would need to buy 25 of Anyconnect licenses provided by this link https://www.insight.com/en_US/shop/product/L-AC-PLS-1Y-S1/CISCO%20SYSTEMS/L-AC-PLS-1Y-S1/Cisco-AnyConnect-Plus--subscription-license-1-year-%20-1-Year-Software-Application-Support-plus-Upgrades-SASU--1-user/
I haven't seen anywhere that i am conditioned to buy 25, as i can buy anywhere from 1 license to many.
Best regards

Rob Ingram · ‎11-02-2023

@bogdanscekic From the guide below - "The quantity of users should be equal to the total number of Unique Users that will use Secure Client services for each license tier. Please note that the minimum user license size is 25"

https://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/secure-client-og.html

bogdanscekic · ‎11-02-2023

Okay, yes i have seen the minimum is 25 and maximum is 99. Beside this i wanted to ask is configuring L2TP remote access vpn free ?

Rob Ingram · ‎11-02-2023

@bogdanscekic no it's not included in the base license feature set.

TheGoob · ‎03-05-2024

What does the Small Business 2 Employee company do then? Still have to purchase a 25 user license for 2 people?

liviu.gheorghe · ‎03-05-2024

Yes it does. Don't forget that the price is per year being a subscription.

Regards, LG
*** Please Rate All Helpful Responses ***

TheGoob · ‎03-05-2024

It’s weird because, and this was on my last router setup, I went and tried to get the 25 User AnyConnect License and CDW denied me getting it. I gave up because my knowledge/rebuttal ability was 0 to press the matter.

tvotna · ‎03-06-2024

Pardon my ignorance, but does C1111 really support SSL VPN? I don't believe so. Instead of fighting with IKEv2 on it it would be easier to buy Firepower 1010 with ASA code and full-featured SSLVPN implementation and no licenses at all.

TheGoob · ‎03-06-2024

I have an FPR1010 [FTD] in FDM configuration, connected in line/after ISR C1111. This work?

Actually I don’t see why I could not integrate my unused 891F router and set up the vpn on that, like I used to, for free. Or for that matter, my ASA-5508-X that I am not using.

tvotna · ‎03-06-2024

Yes, FPR1010 with FTD will do. For VPN the code is 99% the same as on ASA. ASA5508 will work too, but for this platform you need to install AnyConnect license (PAK-based) to it, otherwise the number of tunnels would be limited to 2. Check "show ver".