The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
PB744830
Cisco announces the end-of-life dates for the Cisco IPsec Static Crypto Map and Dynamic Crypto Map Feature in IOS XE software release 17.6.
Software maintenance support for IOS XE 17.6.6 software release end on Aug 31, 2023. No patches or maintenance releases will be provided IOS XE 17.6.6 software release after that date.
Starting February 2, 2023 only security vulnerability issues will be addressed.
Software maintenance requires an active service contract.
GETVPN crypto map is not affected by this EoL
Customers with the Cisco IPsec Static Crypto Map and Dynamic Crypto Map feature in IOS XE software release are encouraged to migrate to the Cisco IPsec Virtual Tunnel Interface feature in IOS XE.
IPsec Static Crypto Map and Dynamic Crypto Map create a static mapping of an IPsec session to a physical interface A big advantage of the IPsec Virtual Tunnel Interface is that it supports native IPsec tunneling. The benefits of IPsec Virtual Tunnel Interface include:
● Provides flexibility to send and receive encrypted traffic on any physical interface, including multi paths.
● Minimal configuration as on-demand virtual- access interface is cloned from virtual-template interface for dynamic Virtual Tunnel Interface configuration.
● Traffic is encrypted/decrypted when forwarded to/from the tunnel interface and is managed by the IP routing table.
● Features can either be applied to clear-text packets on the Virtual Tunnel Interface, or encrypted packets on the physical interface.
IPsec Static Crypto Map and Dynamic Crypto Map use access list to specify conditions to determine which IP packets are protected, combinatory explosion of source/destination pairs can result in Crypto ACL management and operation complexity, and is prone to mismatch configurations. With IPsec Virtual Tunnel Interface, routing protocols is used to decide which traffic is to be protected, thus improving the feature ease of use and operation simplicity.
Please refer to the white paper "Migrating from IPsec Static Crypto Maps and Dynamic Crypto Maps to Virtual Tunnel Interface" for more details on transition steps.
Cisco Takeback and Recycle program helps businesses dispose properly of surplus products that have reached their end of useful life. The program is open to all business users of Cisco equipment and its associated brands and subsidiaries. For more information, go to: https://www.cisco.com/web/about/ac227/ac228/ac231/about_cisco_takeback_recycling.html.
For more information about the Cisco End-of-Life Policy, go to: https://www.cisco.com/en/US/products/products_end-of-life_policy.html.
For more information about the Cisco Product Warranties, go to: https://www.cisco.com/en/US/products/prod_warranties_listing.html.
To subscribe to receive end-of-life/end-of-sale information, go to: https://www.cisco.com/cisco/support/notifications.html.
Any authorized translation issued by Cisco Systems or affiliates of this end-of-life Product Bulletin is intended to help customers understand the content described in the English version. This translation is the result of a commercially reasonable effort; however, if there are discrepancies between the English version and the translated document, please refer to the English version, which is considered authoritative.