cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7898
Views
75
Helpful
32
Replies

sec license on router 2911 for IKEv2

amralrazzaz
Level 5
Level 5

i have cisco router 2911 running c2900-universalk9-mz.SPA.154-3.M1.bin and need to install sec license with part number SL-29-SEC-K9

so is it compatible to have the license with this ios version that is currently running on my router 

also it the license already available ? i hope yes becuase i need this very much 

 

i cant configure IKEv2,ipsec , all crypto options all features disables 

 

CISCO2911-EGCAI01#show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sat 25-Oct-14 03:34 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

CISCO2911-EGCAI01 uptime is 2 hours, 14 minutes
System returned to ROM by reload at 14:10:27 EET Wed May 6 2020
System restarted at 14:12:41 EET Wed May 6 2020
System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
--More--

 

 

 

compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ190360AM
3 Gigabit Ethernet interfaces
1 terminal line
8 Voice FXO interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO2911/K9 FCZ190360AM

 

Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
NtwkEss None None None
CollabPro None None None

Configuration register is 0x2102

CISCO2911-EGCAI01#

amr alrazzaz
32 Replies 32

dears i installed the demo license as below and it shows me the period 8 weeks but still no sec features enabled ?

 

shall i reload the router to effect or what ?

 

still didnt get the crypto features ??


CISCO2911-EGCAI01#show ver
CISCO2911-EGCAI01#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sat 25-Oct-14 03:34 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

CISCO2911-EGCAI01 uptime is 4 days, 22 hours, 22 minutes
System returned to ROM by reload at 14:10:27 EET Wed May 6 2020
System restarted at 14:12:41 EET Wed May 6 2020
System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M1.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ190360AM
3 Gigabit Ethernet interfaces
1 terminal line
8 Voice FXO interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*1 CISCO2911/K9 FCZ190360AM

 

Technology Package License Information for Module:'c2900'

------------------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
NtwkEss None None None
CollabPro None None None

Configuration register is 0x2102

CISCO2911-EGCAI01#show li
CISCO2911-EGCAI01#show lic
CISCO2911-EGCAI01#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: 8 weeks 4 days
Period Used: 0 minute 0 second
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
License Count: Non-Counted
License Priority: Low
Index 3 Feature: uck9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 4 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: NtwkEssSuitek9
Period left: Not Activated
Period Used: 0 minute 0 second

CISCO2911-EGCAI01#show li
CISCO2911-EGCAI01#show lic
CISCO2911-EGCAI01#show license ?
EULA Display end user license agreement information
agent Show license agent information
all Show license all information
call-home Show license call-home information
certs Show license certs information
detail Show license detail information
entitlement Show license entitlement information
feature Show license feature information
file Show license file information
pool Show license pool information
right-to-use Show license right-to-use information
statistics Show license statistics information
status Show license status information
suites Show license suite information
tech tech support needed
udi Show license udi information
version Show license version information
| Output modifiers
<cr>

CISCO2911-EGCAI01#show license fe
CISCO2911-EGCAI01#show license feature
Feature name Enforcement Evaluation Subscription Enabled RightToUse
ipbasek9 no no no yes no
securityk9 yes yes no no yes
uck9 yes yes no yes yes
datak9 yes yes no no yes
NtwkEssSuitek9 yes yes no no yes
CollabProSuitek9 yes yes no no yes
ios-ips-update yes yes yes no yes
SNASw yes yes no no yes
hseck9 yes no no no no
cme-srst yes yes no yes yes
mgmt-plug-and-play yes no no no no
mgmt-lifecycle yes no no no no
mgmt-assurance yes no no no no
mgmt-onplus yes no no no no
mgmt-compliance yes no no no no

CISCO2911-EGCAI01#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
CISCO2911-EGCAI01(config)#
CISCO2911-EGCAI01(config)#cry
CISCO2911-EGCAI01(config)#crypto ?
key Long term key operations
pki Public Key components

amr alrazzaz

dear im trying now to configure site to site vpn ikev2 

and after testing still no traffic can pass and im troubleshooting now ? 

do u think the evaluation license with 60 days can effect or cant using it for create ikev2 ? 

or keep troubleshooting my config maybe im in mistake ?

amr alrazzaz

No, the evaluation license will allow you to use the full features for those 60 days.
The problem probably lies elsewhere with your configuration or the peers' configuration.

I do not belive this is related to Licnese, and you got the trail license and loaded,

 

Regarding VPN not come up is another thread which is not part of this thread i guess here.

 

I suggest to open a new thread with more information and configuration of both the site, what is not working, and Logs to understand better and easy.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dear another question on demo license 

its give 60 days of working ,so

if i reload the router for any reason within 60 days the license and all my vpn config will keep working 

or it will deleted and router back to normal ?

im asking if i reload the router within those 60 days ( demo period) ?

 

thanks

 

amr alrazzaz

It will carry on working after a reload with those features, until the license expires in 60 days.

demo license start from the day it activated, it not really matter how many times you reboot the device, the count still same.

 

hope this make sense ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dear

sure it do make sense and clear what u r saying .. appreciate and super thanks

 

can we extend the evaluation license or re useit for multiple times to renewal the evaluation period?!

 

also the permanent license usually it took time to be delivered ffom ciso and is it still salling it the sec license for 2911 isr ?!

how much it cost approximately?! 

 

thanks

amr alrazzaz

Dont you think it is breach of trail terms, if you keep on doing extend, the that is not called Trail right.

 

60 or 90 days good enough to test any features cisco point of view, some people required more time, so that can done contacting Local cisco partnert or SE.

 

For costing contact local SE ot cisco partner to help you. or buy online some vendor offer, ( my preference i go to local Partner).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Make sure your purchase the electronic license, you won't have to wait for delivery, you will be able to download it.

If you need to extend the evaluation license, I am pretty sure you need to contact Cisco TAC to do this.

dears 

 

i found the license with cisco partner 1500 $ and from https://itprice.com/cisco-gpl/sl-29-sec-k9 as below #No Product Description List Price (USD) Our Price Quote Sheet
1 SL-29-SEC-K9 Security License for Cisco 2901-2951 $1,400.00 $406.00 (71% OFF)
2 L-SL-29-SEC-K9 Security E-Delivery PAK for Cisco 2901-2951 $1,400.00 $406.00 (71% OFF)
3 SL-29-SEC-K9= Security License PAK for Cisco 2901-2951 $1,600.00 $406.00 (75% OFF)
4 L-SL-29-SEC-K9= Security E-Delivery PAK for Cisco 2901-2951 $1,600.00 $406.00 (75% OFF)

 

so my question is which one should i go for ? and is it trusted if i go via online not from ciscp partner which is more expensive ? and which kind of license mentioned above i should choose ?

 

thanks

 

amr alrazzaz

L-SL-29-SEC-K9=

I'd personally go with your cisco partner, I'd be suprised if they wouldn't match this price. Call them and see if they will.

i already enable the sec features but now i need to know during this 8 week evaluation if i do reload the router for any reason before the 8 weeks finished , the sec license will removed ? 

 

ISCO2911-EGCAI01#reload
The following license(s) are transitioning, expiring or have expired.
Features with expired licenses may not work after Reload.
Feature: securityk9 ,Status: expiring, Period Left: 8 wks 3 days

 

 ??

amr alrazzaz

No, it should be fine. The message is just saying once the license has expired (in 8 weeks 3 days) it may not work after a reload.

Hope we have answered that i believe - short answer is NO the License retain in the kit for the period of trail.

 

immeterial how many times you reboot.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help