Cisco ACI and CCNA live online batches are starting from 24th June 2023. Join experts today. HSEC-K9 requirement on ISR G2 routers - UniNets Blog

HSEC-K9 requirement on ISR G2 routers

  • Home   /  Security   /  
  • HSEC-K9 requirement on ISR G2 routers

HSEC-K9 requirement on ISR G2 routers

I came across a scenario where a site was facing slowness, this site was having edge Cisco router 2951 configured with two GRE over IPsec tunnels towards the Data Center. One tunnel was being used as primary and other as secondary for data traffic.

Users at the site were complaining slowness at sometimes of the day. I started the troubleshooting process and found the logs on the router “show log”

%CERM-4-RX_BW_LIMIT: Maximum Rx bandwidth limit of 85,000 kbps reached for cryptography functions with the hsec-k9 technology package license

mentioned that tunnel was flapping when traffic burst goes over 85Mbps, it was a clear indication of missing HSEC-K9 licence on the router.

 

“Show licence”  also indicate that it does not have a HSEC-K9 licence installed

So what was happening in that site, when traffic goes above 85Mbps tunnel went down and come back when its normal so when tunnel is down users were not able to send data therefore facing slowness.

There is a US government export restriction on encrypted tunnel and thoughput of curtailing the limit on this bandwidth. It is only for ISR G2 routers.

Now in order to resolve this issue, I order the HSEC-K9 licence from Cisco. They provided the licence details on email wherein they have mentioned to register the device on their portal using UDI and product Authorization key (This key could be obtained using the link given in the mail). For UID

“Show licence UDI” and take the serial number and PID number from here and register with Cisco. An auto generated mail was received with a file with extension .lic

Now installation was easy. Make your PC where file exists as tftp server and copy in to the router in flash “copy tftp flash”

I did not have tftp on my machine so I used companies FTP server for this purpose. I first upload it on FTP server from my machine using “mput filename” and then download this file from FTP server to router “copy ftp flash”.

“show flash” on the router to see it has downloaded the file. Now install the licence file

router#license install flash:FOC133037J9_2010032221281111.lic (your licence file name may be different) this will install the licence on router, check router#show licence

now it will show hsec-k9 licence is permanent. In HSEC-K9 licence there is no need to reboot the router.

After installing the licence the slowness was gone and issue got resolved.

 

Deepak Sharma, CCIE#37340

 

 

 

 

About the author

admin administrator

Leave a Reply

Enquiry Form





Recent Posts

Categories

Tags

ccie data center exam ccie enterprise ccie enterprise infrastructure ccie enterprise wireless ccie routing and switching vs ccie enterprise infrastructure ccie security ccie wireless ccna ccna and ccnp ccna career ccna certification ccna certification exams ccna changes CCNA Security certification ccna vs ccnp CCNP CCNP Enterprise CCNP Security CCNP Security Certification CCNP Security Course Check Point Checkpoint Check Point Certification Check point training cisco breaking news Cisco CCIE Enterprise Infrastructure cisco ccna changes cisco news cisco sd wan Cisco updates cloud computing default user name and password of F5 LTM difference between ccna and ccnp encor encor 350-401 Everything About Palo Alto Training Courses F5 ASM how to pass ccna exam how to pass cisco ccna exam Implementing and Operating Cisco Enterprise Network Core Technologies new ccie data center new ccie security Palo Alto Certifications What is AWS CERTIFICATION? what is cisco aci
Get In Touch

About Uninets

UniNets has emerged as one of the best networking institute in terms of faculty, placement and approach. Our aim is to develop you as our brand ambassador who could become a building block of this Internet world.

Latest From Blog

Browse Article

Contact Us

NM-20,1st floor, Old DLF Colony, Sector-14, Gurgaon 122001 Haryana, India

info@uninets.com

+91 8448-440-748

+91 8383 961 646

©Copyright 2020 UniNets Consulting Private Limited