PB744830
Cisco announces the end-of-life timeline for the Cisco IPsec Static and Dynamic Crypto Map in Tunnel mode features in IOS XE software release 17.18.
The End-of-Sale and End-of-Life announcement for the IOS XE 17.18.x release will be the guide for additional support timelines after its announcement.
Software maintenance requires an active service contract.
GETVPN Crypto Map and Cisco IPsec Static or Dynamic Crypto Map with Transport mode (host-to-host IPsec protection) are not affected by this EoL.
Customers using the Cisco IPsec Static or Dynamic Crypto Map in Tunnel mode feature in IOS XE software should migrate to a Cisco IPsec Virtual Tunnel Interface based solution such as FlexVPN or DMVPN, or to the Cisco Catalyst SD-WAN feature set in IOS XE.
The benefits of IPsec Virtual Tunnel Interface include:
● Flexibility to send and receive encrypted traffic on any physical interface, including over multiple paths.
● Simplified configuration, as the on-demand virtual-access interface is cloned from the virtual-template interface for dynamic Virtual Tunnel Interface configuration.
● Traffic is encrypted/decrypted when forwarded to/from the tunnel interface and is managed by the IP routing table.
● Features can either be applied to clear-text packets on the Virtual Tunnel Interface, or encrypted packets on the physical interface.
Static and Dynamic Crypto Maps use access lists to specify which IP packets are protected. The combinatorial explosion of source/destination pairs can make crypto ACL management and operation complex, and is prone to mismatched configurations. With IPsec Virtual Tunnel Interface, routing protocols decide which traffic is protected, which improves ease of use and operational simplicity.
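The scope stated above (tunnel-mode crypto maps are affected; GETVPN and transport-mode crypto maps are not) can be checked against a saved running-config before planning the migration. The script below is an added example, not Cisco code: the sample configuration and every name in it are constructed, and it assumes a transform-set with no `mode transport` line is in tunnel mode.

```python
import re
from collections import defaultdict

SAMPLE = """\
crypto ipsec transform-set TS-TUN esp-aes 256 esp-sha256-hmac
crypto ipsec transform-set TS-TRA esp-aes 256 esp-sha256-hmac
 mode transport
crypto dynamic-map DYN 10
 set transform-set TS-TUN
crypto map SITE 10 ipsec-isakmp
 set transform-set TS-TUN
crypto map HOST 10 ipsec-isakmp
 set transform-set TS-TRA
crypto map HUB 10 ipsec-isakmp dynamic DYN
crypto map GET 10 gdoi
interface GigabitEthernet0/0/0
 crypto map SITE
interface GigabitEthernet0/0/1
 crypto map HOST
interface GigabitEthernet0/0/2
 crypto map HUB
interface GigabitEthernet0/0/3
 crypto map GET
"""  # constructed running-config excerpt; every name here is made up

def stanzas(cfg):
    """Yield (header words, stripped child lines) for each top-level stanza."""
    for m in re.finditer(r"^(\S.*)\n((?: .*\n)*)", cfg + "\n", re.M):
        yield m.group(1).split(), [k.strip() for k in m.group(2).splitlines()]

def audit(cfg):
    """Return {crypto map: [interfaces]} for applied maps that use tunnel mode."""
    transport, uses, bound = set(), defaultdict(set), defaultdict(list)
    for w, kids in stanzas(cfg):
        ts = {t for k in kids if k.startswith("set transform-set ") for t in k.split()[2:]}
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            if any(k.startswith("mode transport") for k in kids):
                transport.add(w[3])  # assumption: no "mode" line means tunnel (IOS default)
        elif w[:2] == ["crypto", "dynamic-map"]:
            uses["dyn:" + w[2]] |= ts
        elif w[:2] == ["crypto", "map"] and len(w) >= 5 and w[4] != "gdoi":  # skip GETVPN
            uses[w[2]] |= ts | {"dyn:" + d for d in w[6:7] if w[5] == "dynamic"}
        elif w[0] == "interface":
            for k in (k for k in kids if k.startswith("crypto map ")):
                bound[k.split()[2]].append(w[1])
    def sets(m):  # expand references to dynamic maps into their transform-sets
        return {t for u in uses[m] for t in (uses[u] if u.startswith("dyn:") else {u})}
    return {m: sorted(i) for m, i in bound.items() if sets(m) - transport}
```

Calling `audit()` on the text of a device's running-config returns only the crypto maps that are applied to an interface and reference at least one tunnel-mode transform-set, which are the ones to move to a Virtual Tunnel Interface design.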
Please refer to the white paper "Migrating from IPsec Static Crypto Maps and Dynamic Crypto Maps to Virtual Tunnel Interface" for more details on transition steps.
To learn more about Cisco Catalyst SD-WAN, please refer to Cisco Catalyst SD-WAN.
Cisco Takeback and Recycle program helps businesses dispose properly of surplus products that have reached their end of useful life. The program is open to all business users of Cisco equipment and its associated brands and subsidiaries. For more information, go to: https://www.cisco.com/web/about/ac227/ac228/ac231/about_cisco_takeback_recycling.html.
For more information about the Cisco End-of-Life Policy, go to: https://www.cisco.com/c/en/us/products/eos-eol-policy.html.
For more information about the Cisco Product Warranties, go to: https://www.cisco.com/c/en/us/products/warranty-listing.html.
To subscribe to receive end-of-life/end-of-sale information, go to: https://cway.cisco.com/mynotifications.
Any authorized translation issued by Cisco Systems or affiliates of this end-of-life Product Bulletin is intended to help customers understand the content described in the English version. This translation is the result of a commercially reasonable effort; however, if there are discrepancies between the English version and the translated document, please refer to the English version, which is considered authoritative.