Cisco Support Community
IPsec, GNS3 and CCP

Hello there.

I'm trying to set up an IPsec VPN tunnel between two routers in GNS3 via Cisco Config Prof for my studies.

I already did some research. Upon checking some tutorials, RIP, OSPF, or EIGRP is always configured first between the routers before proceeding to the configuration of IKE phase 1 and phase 2. An example is the link below.

http://commonerrors.blogspot.com/2011/09/site-to-site-vpn-cli-configuration-on.html

I have watched Keith Barker's video from CBT for "IPsec Site to Site VPNs" and noticed that he didn't need to configure routing between the two sites.

He used Cisco CP for the whole configuration, which went straight through the IKE ph1 and ph2 configs, and no routing was involved.

Here is the topology.

IPsec topology.JPG

Is it really necessary to configure routing first?

How can I emulate the internet connection between R1 and R2 using GNS3?

Thanks in advance.

1 ACCEPTED SOLUTION

IPsec, GNS3 and CCP

They don't necessarily need to know each other's routes, but those networks will need to be routed out the WAN interface, either by a default route or more specific routes. When the traffic egresses an interface with a crypto map applied, it will then match the interesting traffic and encrypt it across the tunnel.

Hope that clarifies things.

Regards,

Mike
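
The behaviour described in the answer above, as an added example that is not part of the original thread: an R1 configuration with no routing protocol, only a default route out the WAN interface that carries the crypto map. All addresses, interface names, the ACL number and the names LAB-TS and LAB-MAP are constructed lab values, and the pre-shared key is a placeholder.

```cisco
! R1 (constructed lab values; R2 mirrors this with the addresses swapped)
! Assumed: R1 LAN 10.1.1.0/24, R1 WAN 203.0.113.1/30, next hop 203.0.113.2
!          R2 LAN 10.2.2.0/24, R2 WAN 198.51.100.1
!
! 1. Routing: no RIP/OSPF/EIGRP. The default route is what sends packets
!    for 10.2.2.0/24 out the WAN interface. Without any matching route the
!    packet is dropped before the crypto map is ever evaluated.
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
! 2. IKE phase 1 policy and pre-shared key for the peer's public address.
!    Use the strongest DH group the lab image offers; older images may
!    not accept group 14.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY-PLACEHOLDER> address 198.51.100.1
!
! 3. IKE phase 2 transform set.
crypto ipsec transform-set LAB-TS esp-aes 256 esp-sha-hmac
!
! 4. Interesting traffic: local LAN to remote LAN. R2 needs the mirror image.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! 5. Crypto map tying peer, transform set and ACL together.
crypto map LAB-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set LAB-TS
 match address 110
!
! 6. Apply the crypto map on the egress (WAN) interface.
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map LAB-MAP
!
! Verify after sending LAN-to-LAN traffic:
!   show crypto isakmp sa
!   show crypto ipsec sa
```

A transit router placed between R1 and R2 to stand in for the internet needs routes only for the two public subnets: in tunnel mode it sees ESP packets addressed between the WAN addresses, never the 10.x LAN addresses.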

4 REPLIES

Re: IPsec, GNS3 and CCP

You need some way for router a to get to router b. If you are just testing, connecting them back to back on a common subnet should be sufficient. If you want to have them on separate public subnets, you can do static routing for simplicity.

Regards,
Mike


Sent from Cisco Technical Support Android App

IPsec, GNS3 and CCP

Hi Mike.

Configured static routing between two sites. Worked just fine for testing.

Just to clarify things, does R1 really need to know the routes behind R2 and vice versa to successfully create a tunnel?

Regards,

Kev

IPsec, GNS3 and CCP

Thanks!
