Cisco: 897VAW: Missing VPN Feature

Scrub all the below. It was because I had the advipservices_npe IOS image as opposed to advipservices.

NPE= No Payload Encryption that has no Crypto capability.

It took three Cisco engineers to work that out. Once I loaded “c800-universalk9_npe-mz.SPA.152-4.M4” ios image, I had access to the Crypto commands.

Thanks Pawel Cecot.


Reading Cisco documentation, I could see no reason why my Cisco 897VAW-E-K9 router was not allowing me access to the VPN capabilities from CCP and the CLI, however, I received similar error messages for all the VPN features:

It appears that there are two license levels available:

  • advipservices_npe – Currently license level
  • advsecurity_npe

According to this post, the differences are:

  • advipservices_npe – Advanced IP services has IPV6, advanced security feature set, MPLS, SSH, ATM, VoATM, Voip, IP telephony feature set.
  • advsecurity_npe – Advanced security IOS package has Cisco IOS firewall, IPSEC, 3DES, VPN, SSH feature set

Personally, I have no use for the VoIP stuff, but I do want the VPN capability. I’m not sure what one would do if they required VPN and VoIP. Probably a cunning plan to get the customer to buy another router. At £800 a go they’re not exactly cheap.

On the router, if I run:   show version at the end of the output I get the following three lines:

To change this, I can run:  license boot module c800 level advsecurity_npe .

If it then run the same:   show version command, the output changes to:

If I run the command  show license the output looks like:

Index 2 shows the feature in question.

With a full backup, I can do a:  wri me  and reload .

As I thought, on reload, certain commands are no longer understood as the license type has now changed, features have become unavailable:

Rerunning the command show license  now shows Index 1, License State “Not In Use”.

Show Version  now outputs:

So the license is now set to Advanced Security but note the No valid license found

Please feel free to leave a comment...