exagger
asked on
How can I confirm if this Cisco IOS c2800nm-spservicesk9-mz.124-9.T7.bin supports ipsec
I have a Cisco 2800 series router with the following IOS c2800nm-spservicesk9-mz.12 4-9.T7.bin . I need to configure an IPsec peer to peer vpn on it. When I enter the command " crypto ? " all i get is :
ca Certification authority
engine Enter a crypto engine configurable menu
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
Does that mean the ios does not support IPsec? How do I confirm what feature this particular IOS supports?
ca Certification authority
engine Enter a crypto engine configurable menu
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
Does that mean the ios does not support IPsec? How do I confirm what feature this particular IOS supports?
ASKER
Yes, this is the tool i was looking for. It says the IOS supports IPsec through NAT translation and VPN tunnel management although this doesnt seem to be what I need. I need to be able to configure a peer to peer vpn using :
'crypto isakmp'- to define keys and policies
and 'crypto ipsec'- to configure the transform set
I suppose this IOS doesnt support that?
'crypto isakmp'- to define keys and policies
and 'crypto ipsec'- to configure the transform set
I suppose this IOS doesnt support that?
Generally speaking, crypto stuff requires a "K9" (I think older is K8) version of the IOS. By this I mean that there should be K9 as part of the version number.
You appear to have a K9 version, so yes it should support crypto command sets.
Make sure you are in config t when issuing the 'crypto' command..
You appear to have a K9 version, so yes it should support crypto command sets.
Make sure you are in config t when issuing the 'crypto' command..
ASKER
I am in config mode but these are the only options available
ca Certification authority
engine Enter a crypto engine configurable menu
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
yet the ios has k9 in it.
?
ca Certification authority
engine Enter a crypto engine configurable menu
key Long term key operations
pki Public Key components
provisioning Secure Device Provisioning
wui Crypto HTTP configuration interfaces
yet the ios has k9 in it.
?
Looking into this more, but here is the product sheet for the 2800 series. All 2800 series support native IPSec using synchronous keysets (AES, 3DES, etc. - password/secret key based). For a PKI (certificate) based you may need to get an AIM card to support that.
http://www.cisco.com/en/US/prod/collateral/routers/ps5854/ps5882/product_data_sheet0900aecd8016fa68_ps5854_Products_Data_Sheet.html
http://www.cisco.com/en/US/prod/collateral/routers/ps5854/ps5882/product_data_sheet0900aecd8016fa68_ps5854_Products_Data_Sheet.html
Is this offline while you configure it? Could you try just dumping a dummy config in there and see if that works? Here' s a good clean sample - take out the password stuff so you don't mess yourself up... or at least just don't write mem so you can just bounce to clean it.
ASKER
Its online.
I will try to dump a configuration outside working hours
I will try to dump a configuration outside working hours
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
And yes, this particular image appears to have some IPsec features...
http://tools.cisco.com/ITDIT/CFN/Dispatch?HMR_DDM=0&HIM_Id=924498&HDDMPlatFamDet=270&HDDMFeatSetDet=1383&HPN_Text=&Q1Submit=CONTINUE&act=rlsSelect&task=display
The crypto command in most versions is used primarily to create and manage keys, check the available subcommands
i.e.
crypto ca ?
crypto key ?