Solved: VPN SSL on 1900 series license

ilukeberry · ‎10-07-2012

Hi

I bought 1921-SEC-k9 so i have security license installed:

Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------

Technology Technology-package Technology-package

Current Type Next reboot

------------------------------------------------------------------

ipbase ipbasek9 Permanent ipbasek9

security securityk9 Permanent securityk9

data None None None

Now I'd like to know if SSL VPN comes with that license or do I need to buy additional VPN SSL license to use it? If so.. i'd just use IPsec... i need client-to-site configuration.. can you point me to tutorial or just a basic config.. because for ipsec i just find site-to-site tutorials on internet.

Harish Balakrishnan · ‎10-09-2012

Hello Luka

As per this document, it will continue to work untill a realod.. If the router realods the feature under evaluation license will stop working

http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985_ps10536_Products_White_Paper.html

Harish.

View solution in original post

Harish Balakrishnan · ‎10-08-2012

Hello Luka,

You can get the information about licensing with 'show webvpn license' command

If at all if you do not have SSL license you can configure remote access ipsec vpn to access your resources. The below link

explains the configuration of the same

http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/Secconf1_ps10538_TSD_Products_Configuration_Guide_Chapter.html#wp1055505

There is a remote access vpn configuration section

Let me know if you need any help

Harish.

Please rate all helpful posts!

ilukeberry · ‎10-08-2012

In link you gave me, configuration example it only shows site-to-site... i need cilent-to-site.

r0#sh license

Index 1 Feature: ipbasek9

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

Index 2 Feature: securityk9

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

Index 3 Feature: datak9

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Index 4 Feature: SSL_VPN

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: 0/0 (In-use/Violation)

License Priority: None

Index 5 Feature: ios-ips-update

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

Index 6 Feature: WAAS_Express

Period left: Not Activated

Period Used: 0 minute 0 second

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

License Count: Non-Counted

License Priority: None

I really don't know if i get with securityk9 right to use SSL_VPN or not? it says

License Count: 0/0 (In-use/Violation)

IN-USE ? but i don't have SSL_VPN configured right now...

r0#sh webvpn license

No SSLVPN license is in-use.

Max platform license count : 75

Available license count : 0

Reserved license count : 0

In-use count : 0

Harish Balakrishnan · ‎10-08-2012

Hello Luka,

As far as I know, in 1900 series router, the webvpn license is based on the seat count , like you can purchase based on 10, 25,50 etc user count..

By the way i belive you can still create webvpn but for 2 users ... try out the following command

webvpn gateway < name>

if this takes you should be able to create the feature.. may be with limited user count

harish,

ilukeberry · ‎10-09-2012

webvpn gateway command works... i've had to accept EULA... but i don't know... if i have this license or not?

License Type: EvalRightToUse

License State: Not in Use, EULA not accepted

Harish Balakrishnan · ‎10-09-2012

Hello Luka,

it looks like it had taken evaluation license.. then you need to purchase the webvpn license based on the user count

FL-SSLVPN10-K9 this is the part number for webvpn license in 1900 series.. where '10' is the user count.. you have this count option upto 100 numbers

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.html

regards

Harish

ilukeberry · ‎10-09-2012

Well here it says it will work even when evaluation will end:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/904-cisco-router-anyconnect-webvpn.html

Notice the License Type mention:

EvalRightToUse.

This means that this is an evaluation license, a license to evaluate. At the end of the 8 ½ week evaluation period , the ISRG2 Cisco router license will not terminate the Web SSL_VPN license, and it will continue to work.

Is this true? Can someone confirm this?

Harish Balakrishnan · ‎10-09-2012

Hello Luka

As per this document, it will continue to work untill a realod.. If the router realods the feature under evaluation license will stop working

http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985_ps10536_Products_White_Paper.html

Harish.

ilukeberry · ‎10-09-2012

That's it.. i guess i'll be setting up IPsec i'm not paying for additional licenses.