While creating Bill Of Material for a new ISR G2 or 4000 series Router platform, a single universal IOS software image and the corresponding permanent technology and feature licenses may be required to be included.
Users creating BOM often get confused while selecting SEC-K9 and HSEC-K9 technology package license.
SEC K9 Licence vs HSEC K9 Licence
Below clarifies the doubts by sharing the comparison between SEC-K9 and HSEC-K9 license –
|The SEC-K9 license enables standard encryption (VPN payload and secure voice) on the ISR G2 platforms. The SEC-K9 license is designed to comply with both local and U.S. export requirements for global distribution to all countries. This license enforces a curtailment on the maximum number of encrypted tunnels (225 tunnels) and the maximum encrypted throughput (85 Mbps) on the ISR G2 platforms.
|The HSEC-K9 license removes the curtailment enforced by the U.S. government export restrictions on the encrypted tunnel count and encrypted throughput. With the HSEC-K9 license, the ISR G2 router can go over the curtailment limit of 225 tunnels maximum for IP Security (IPsec) and encrypted throughput of 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps.
|SL-19-SEC-K9, SL-29-SEC-K9, SL-39-SEC-K9, SL-44-SEC-K9, SL-4350-SEC-K9, SL-4330-SEC-K9, SL-4320-SEC-K9
|FL-29-HSEC-K9, FL-39-HSEC-K9, FL-39E-HSEC-K9, FL-44-HSEC-K9, FL-4350-HSEC-K9, FL-4330-HSEC-K9, FL-4320-HSEC-K9
|SEC/K9 licenses limit all encrypted tunnel counts to 225 tunnels maximum for IP Security (IPsec), encrypted throughput of 85-Mbps unidirectional traffic in or out and 1000 tunnels for Transport Layer Security (TLS) sessions
|With the HSEC-K9 license, the ISRG2 router can go over the curtailment limit of 225 tunnels maximum for IP Security (IPsec) and encrypted throughput of 85-Mbps unidirectional traffic in or out of the ISR G2 router, with a bidirectional total of 170 Mbps
|Prerequisites to enable on Router
|The SEC license requires the universalk9 or equivalent image
|The HSEC license requires the universalk9 image and the SEC license pre-installed.
|Platforms supporting license
|Cisco 1941, 2901, and 2911 Cisco 2921, Cisco 2951, Cisco 3925, Cisco 3945, Cisco 3925E, and Cisco 3945E
|Cisco 2921, Cisco 2951, Cisco 3925, Cisco 3945, Cisco 3925E, and Cisco 3945E
|The SECK9 feature has option for an evaluation license that converts to an RTU license after 60 days.
|The HSECK9 feature does not have an evaluation license that converts to an RTU license after 60 days.
Download the difference table here.
Note – The HSEC license and curtailment were introduced in the Cisco IOS Software Release 15.0(1)M1 and will be enforced on all images following that release.
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)