While creating Bill Of Material for a new ISR G2 or 4000 series Router platform, a single universal IOS software image and the corresponding permanent technology and feature licenses may be required to be included.
Users creating BOM often get confused while selecting SEC-K9 and HSEC-K9 technology package license.
SEC K9 Licence vs HSEC K9 Licence
Below clarifies the doubts by sharing the comparison between SEC-K9 and HSEC-K9 license –
| PARAMETER | SEC-K9 LICENSE | HSEC-K9 LICENSE |
|---|---|---|
| Philosophy | The SEC-K9 license enables standard encryption (VPN payload and secure voice) on the ISR G2 platforms. The SEC-K9 license is designed to comply with both local and U.S. export requirements for global distribution to all countries. This license enforces a curtailment on the maximum number of encrypted tunnels (225 tunnels) and the maximum encrypted throughput (85 Mbps) on the ISR G2 platforms. | The HSEC-K9 license removes the curtailment enforced by the U.S. government export restrictions on the encrypted tunnel count and encrypted throughput. With the HSEC-K9 license, the ISR G2 router can go over the curtailment limit of 225 tunnels maximum for IP Security (IPsec) and encrypted throughput of 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps. |
| License | SL-19-SEC-K9, SL-29-SEC-K9, SL-39-SEC-K9, SL-44-SEC-K9, SL-4350-SEC-K9, SL-4330-SEC-K9, SL-4320-SEC-K9 | FL-29-HSEC-K9, FL-39-HSEC-K9, FL-39E-HSEC-K9, FL-44-HSEC-K9, FL-4350-HSEC-K9, FL-4330-HSEC-K9, FL-4320-HSEC-K9 |
| Scalability | SEC/K9 licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), encrypted throughput of 85-Mbps unidirectional traffic in or out and 1000 tunnels for Transport Layer Security (TLS) sessions | With the HSEC-K9 license, the ISRG2 router can go over the curtailment limit of 225 tunnels maximum for IP Security (IPsec) and encrypted throughput of 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps |
| Prerequisites to enable on Router | The SEC license requires the universalk9 or equivalent image | The HSEC license requires the universalk9 image and the SEC license pre-installed. |
| Platforms supporting license | Cisco 1941, 2901, and 2911 Cisco 2921, Cisco 2951, Cisco 3925, Cisco 3945, Cisco 3925E, and Cisco 3945E | Cisco 2921, Cisco 2951, Cisco 3925, Cisco 3945, Cisco 3925E, and Cisco 3945E |
| Evaluation License | The SECK9 feature has option for an evaluation license that converts to an RTU license after 60 days. | The HSECK9 feature does not have an evaluation license that converts to an RTU license after 60 days. |
Download the difference table here.
Note – The HSEC license and curtailment were introduced in the Cisco IOS Software Release 15.0(1)M1 and will be enforced on all images following that release.
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
