cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

450
Views
5
Helpful
9
Replies
Beginner

ASR 9901 IPsec support

Hello,

 

I would like to know if with the ASR9901 (ASR9K-x64-iosxr-px-k9-6.4.2) is it possible to establish IPsec Tunnels?

 

I saw this comment in this forum about the IPsec in ASR9Ks:

 

IPSec Support on ASR9K

- Pre-5.2.0 we only support IPSec for OSPFv3.

- Starting in 5.2.0 the VSM card supports IPSec. This is a LC so the 9001 cannot use it or any of the new IPSec features (mainly site-to-site IPSec)

 

Then I was searching about the compatibility of the VSM cards and I didn´t find the ASR9901 in the list:

 

Platform Support and Compatibility

The Cisco ASR 9000 Series VSM is supported on these Cisco ASR 9000 Series routers:

- Cisco ASR 9904 Router

- Cisco ASR 9006 Router

- Cisco ASR 9010 Router

- Cisco ASR 9912 Router

- Cisco ASR 9922 Router

 

In summary, is there any way to create an IPsec tunnel in the ASR9901 v6.4.2 or with the new v6.5.2?

 

Best Regards.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: ASR 9901 IPsec support

Hi,

We don't support IPSEC on ASR9901.

IPSEC requires VSM (not supported on 64-bit XR) and an IPSEC license (EoS).
https://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/eos-eol-notice-c51-737659.html


I suggest looking at MACSEC as an alternative solution.

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.pdf

Regards,
Kane

Everyone's tags (3)
9 REPLIES 9
Rising star

Re: ASR 9901 IPsec support

Hello,

 

Cisco ASR 9000 Series Carrier Ethernet applications include business services such as Layer 2 and Layer 3 VPN (L2VPN and L3VPN, mobile backhaul transport networks, and Broadband Network Gateway (BNG). Features supported include Ethernet Services; L2VPN; IPv4, IPv6, and L3VPN; Layer 2 and Layer 3 multicast; Synchronous Ethernet (SyncE), Ethernet Operations, Administration, and Maintenance (EOAM) and MPLS OAM, Layer 2 and Layer 3 Access Control Lists (ACLs), Hierarchical Quality of Service (HQoS), MPLS Traffic Engineering Fast Reroute (MPLS TE-FRR), Multichassis Link Aggregation (MC-LAG), Integrated Routing and Bridging (IRB) and Cisco Nonstop Forwarding (NSF) and Nonstop Routing (NSR). The System also supports the advanced features including Segment Routing, EVPN, Programmability and Telemetry and other enhancements in the IOS-XR 64 Bit Operating System.

 

Please, check the license instaled on your router. 

Jaderson Pessoa
*** Rate All Helpful Responses ***
VIP Advisor

Re: ASR 9901 IPsec support

can you post show version and show license to config,

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASR 9901 IPsec support

HOST#show version
Tue Mar 12 16:54:59.304 CET

Cisco IOS XR Software, Version 6.4.2
Copyright (c) 2013-2017 by Cisco Systems, Inc.

VIP Advisor

Re: ASR 9901 IPsec support

have you installed License here ? install License

 

How to activate a license once you have a PAK (Product Authorization Key):

 

1. Go to www.cisco.com/go/license

2. Type the PAK you received on the form and submit it;

3. Activate the license on the ASR1000.

 

FAQ on https://tools.cisco.com/SWIFT/Licensing/jsp/Cisco%20Licensing%20FAQ%20-%20June%202011.pdf

 

For software activation commands, go to:

http://www.cisco.com/en/US/docs/ios/csa/configuration/guide/csa_commands.html

 

 

 

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASR 9901 IPsec support

What kind of PAK should I install for IPsec? 

Doesn't I need previously a VSM card for IPsec? 

VIP Advisor

Re: ASR 9901 IPsec support

is this new device, ?

 

if so please follow below instructions :

 

https://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/200011-Smart-Licensing-on-the-ASR9000-Platform.html#anc0

 

BB
*** Rate All Helpful Responses ***
Highlighted
Cisco Employee

Re: ASR 9901 IPsec support

Hi,

We don't support IPSEC on ASR9901.

IPSEC requires VSM (not supported on 64-bit XR) and an IPSEC license (EoS).
https://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/eos-eol-notice-c51-737659.html


I suggest looking at MACSEC as an alternative solution.

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/white-paper-c11-737544.pdf

Regards,
Kane

Everyone's tags (3)
Beginner

Re: ASR 9901 IPsec support

Thank you so much Kane.

Cisco Employee

Re: ASR 9901 IPsec support

You're welcome!

If you are a Cisco reseller/partner/distributor, feel free to engage GVE via http://cs.co/gvecep.

BR,
Kane
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards