
IPsec, GNS3 and CCP

Kevin86
Level 1

Hello there.

I'm trying to set up an IPsec VPN tunnel between two routers in GNS3 via Cisco Config Prof for my studies.

I already did some research. Upon checking some tutorials, RIP, OSPF, or EIGRP is always configured first between the routers before proceeding to the configuration of IKE phase 1 and phase 2. An example is the link below.

http://commonerrors.blogspot.com/2011/09/site-to-site-vpn-cli-configuration-on.html

I have watched Keith Barker's video from CBT for "IPsec Site to Site VPNs" and noticed that he didn't need to configure routing between the two sites.

He used Cisco CP for the whole configuration, which went straight through the IKE ph1 and ph2 configs, and no routing was involved.

Here is the topology.

IPsec topology.JPG

Is it really necessary to configure routing first?

How can I emulate the internet connection between R1 and R2 using GNS3?

Thanks in advance.

4 Replies

Mike Williams
Level 5

You need some way for router a to get to router b. If you are just testing, connecting them back to back on a common subnet should be sufficient. If you want to have them on separate public subnets, you can do static routing for simplicity.

Regards,
Mike



Hi Mike.

Configured static routing between two sites. Worked just fine for testing.

Just to clarify, does R1 really need to know the routes behind R2 and vice versa to successfully create a tunnel?

Regards,

Kev

They don't necessarily need to know each other's routes, but those networks will need to be routed out the WAN interface, either by a default route or more specific routes. When the traffic egresses an interface with a crypto map applied, it will then match the interesting traffic and encrypt it across the tunnel.

Hope that clarifies things.

Regards,

Mike
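
The arrangement described in the answer above, as an added example that is not part of the original thread: an R1 configuration whose only route is a default route out the WAN interface, with the crypto map on that interface selecting the LAN-to-LAN traffic. All addresses, interface names, the names VPN-MAP and TS, ACL 101 and the key placeholder are assumptions, since the thread's topology image is not available.

```cisco
! Added example with constructed addressing (RFC 1918 / RFC 5737), not from the thread.
!   R1 LAN 10.1.1.0/24    R1 WAN 192.0.2.1/30   (next hop 192.0.2.2 = "internet" router)
!   R2 LAN 10.2.2.0/24    R2 WAN 198.51.100.1
!
! IKE phase 1 policy (group 14 assumes the IOS image in GNS3 supports it)
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 14
! <pre-shared-key> is a placeholder; use the same value on both peers
crypto isakmp key <pre-shared-key> address 198.51.100.1
!
! IKE phase 2 protection for the data traffic
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
! Interesting traffic: R1 LAN to R2 LAN only
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 101
!
interface FastEthernet0/0
 description WAN toward the emulated internet
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-MAP
!
interface FastEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
!
! No routing protocol and no specific route for 10.2.2.0/24.
! The default route sends R2-LAN traffic out Fa0/0, where the crypto map
! matches ACL 101 and encrypts it toward the peer.
ip route 0.0.0.0 0.0.0.0 192.0.2.2
```

R2 mirrors this with the peer address, ACL source/destination and interface addresses reversed. After a ping from one LAN to the other, `show crypto isakmp sa` and the encaps/decaps counters in `show crypto ipsec sa` confirm that the traffic is being encrypted rather than forwarded in the clear.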

Thanks!
