Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4667
Views
5
Helpful
9
Replies

ASR 9901 IPsec support

Go to solution
victorperal
Level 1
Level 1

‎03-12-2019 06:05 AM

Hello,

 

I would like to know if with the ASR9901 (ASR9K-x64-iosxr-px-k9-6.4.2) is it possible to establish IPsec Tunnels?

 

I saw this comment in this forum about the IPsec in ASR9Ks:

 

IPSec Support on ASR9K

- Pre-5.2.0 we only support IPSec for OSPFv3.

- Starting in 5.2.0 the VSM card supports IPSec. This is a LC so the 9001 cannot use it or any of the new IPSec features (mainly site-to-site IPSec)

 

Then I was searching about the compatibility of the VSM cards and I didn´t find the ASR9901 in the list:

 

Platform Support and Compatibility

The Cisco ASR 9000 Series VSM is supported on these Cisco ASR 9000 Series routers:

- Cisco ASR 9904 Router

- Cisco ASR 9006 Router

- Cisco ASR 9010 Router

- Cisco ASR 9912 Router

- Cisco ASR 9922 Router

 

In summary, is there any way to create an IPsec tunnel in the ASR9901 v6.4.2 or with the new v6.5.2?

 

Best Regards.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kane Alvarez
Cisco Employee
Cisco Employee

‎03-12-2019 11:30 PM - edited ‎03-12-2019 11:34 PM

Hi,

We don't support IPSEC on ASR9901.

IPSEC requires VSM (not supported on 64-bit XR) and an IPSEC license (EoS).
https://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/eos-eol-notice-c51-737659.html


I suggest looking at MACSEC as an alternative solution.

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.pdf

Regards,
Kane

View solution in original post

9 Replies 9

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎03-12-2019 06:08 AM

Hello,

 

Cisco ASR 9000 Series Carrier Ethernet applications include business services such as Layer 2 and Layer 3 VPN (L2VPN and L3VPN, mobile backhaul transport networks, and Broadband Network Gateway (BNG). Features supported include Ethernet Services; L2VPN; IPv4, IPv6, and L3VPN; Layer 2 and Layer 3 multicast; Synchronous Ethernet (SyncE), Ethernet Operations, Administration, and Maintenance (EOAM) and MPLS OAM, Layer 2 and Layer 3 Access Control Lists (ACLs), Hierarchical Quality of Service (HQoS), MPLS Traffic Engineering Fast Reroute (MPLS TE-FRR), Multichassis Link Aggregation (MC-LAG), Integrated Routing and Bridging (IRB) and Cisco Nonstop Forwarding (NSF) and Nonstop Routing (NSR). The System also supports the advanced features including Segment Routing, EVPN, Programmability and Telemetry and other enhancements in the IOS-XR 64 Bit Operating System.

 

Please, check the license instaled on your router. 

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-12-2019 07:36 AM

can you post show version and show license to config,

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
victorperal
Level 1
Level 1
In response to balaji.bandi

‎03-12-2019 09:01 AM - edited ‎03-13-2019 02:09 AM

HOST#show version
Tue Mar 12 16:54:59.304 CET

Cisco IOS XR Software, Version 6.4.2
Copyright (c) 2013-2017 by Cisco Systems, Inc.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to victorperal

‎03-12-2019 09:33 AM

have you installed License here ? install License

 

How to activate a license once you have a PAK (Product Authorization Key):

 

1. Go to www.cisco.com/go/license

2. Type the PAK you received on the form and submit it;

3. Activate the license on the ASR1000.

 

FAQ on https://tools.cisco.com/SWIFT/Licensing/jsp/Cisco%20Licensing%20FAQ%20-%20June%202011.pdf

 

For software activation commands, go to:

http://www.cisco.com/en/US/docs/ios/csa/configuration/guide/csa_commands.html

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
victorperal
Level 1
Level 1
In response to balaji.bandi

‎03-12-2019 03:41 PM

What kind of PAK should I install for IPsec? 

Doesn't I need previously a VSM card for IPsec? 

0 Helpful

Go to solution
Kane Alvarez
Cisco Employee
Cisco Employee

‎03-12-2019 11:30 PM - edited ‎03-12-2019 11:34 PM

Hi,

We don't support IPSEC on ASR9901.

IPSEC requires VSM (not supported on 64-bit XR) and an IPSEC license (EoS).
https://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/eos-eol-notice-c51-737659.html


I suggest looking at MACSEC as an alternative solution.

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.pdf

Regards,
Kane

Go to solution
victorperal
Level 1
Level 1
In response to Kane Alvarez

‎03-13-2019 02:05 AM

Thank you so much Kane.

0 Helpful

Go to solution
Kane Alvarez
Cisco Employee
Cisco Employee
In response to victorperal

‎03-17-2019 07:58 PM

You're welcome!

If you are a Cisco reseller/partner/distributor, feel free to engage GVE via http://cs.co/gvecep.

BR,
Kane
0 Helpful
Customers Also Viewed These Support Documents