05-25-2021 05:10 PM - edited 05-25-2021 05:12 PM
I hope this is the right place for me to post this question.
I would like to know, if a router doesn't support VPN (meaning it can't be used as a VPN server) can it still route an IPsec packet? And which router should I use as a server for IPSec (AH tunnel mode) site-to-site VPN?
I was using Router-PT in my packet tracer file, but when I wanted to configure IPSec VPN I need to change it and I'm wondering if I have to change all routers that my packet passes by.
Thank you.
05-25-2021 10:54 PM
Routers which are required to establish need IPSEC feature - not every node in that is required to have that feature, if I understand your question correctly.
Here is a good video:
https://www.youtube.com/watch?v=Z7LwU6H5IGE
05-26-2021 02:37 AM
If I understand your question correctly, your setup is like:
[R1]---[R2]---[R3]
--R1 has a Site-to-Site connection to R3
--R2 is just a middle router, just routing/connecting R1 and R3's WAN interfaces
In terms of feature support:
R2 does NOT require IPSec feature support
R1 and R3 do require IPSec feature support
05-26-2021 02:53 AM
Yes, your understanding is correct; R2 is just transit to route exchange and facilitate network reachability between R1 and R3.
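Added example, not part of any post in this thread: a Python sketch of why R2 in the R1---R2---R3 layout needs no IPsec support. R2 forwards on the outer IPv4 header alone, and the AH integrity value (HMAC-SHA-256 truncated to 128 bits here) is computed with the mutable outer fields zeroed, so R2's TTL decrement does not break verification at R3. The addresses, key, SPI and interface names are constructed for illustration.

```python
import hmac, hashlib, ipaddress, struct

KEY = b"constructed-demo-key"  # constructed sample key shared by R1 and R3 only

def checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))          # 20-byte IPv4 header as 16-bit words
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload, ttl=64) -> bytes:
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                    ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:] + payload

def icv(pkt: bytes) -> bytes:
    # AH covers the whole packet, with mutable outer fields and the ICV itself zeroed
    b = bytearray(pkt)
    b[1] = 0; b[6:8] = b"\0\0"; b[8] = 0; b[10:12] = b"\0\0"  # TOS, flags/frag, TTL, checksum
    b[32:48] = bytes(16)                                      # ICV field inside the AH header
    return hmac.new(KEY, bytes(b), hashlib.sha256).digest()[:16]

def r1_encapsulate(inner: bytes, src, dst) -> bytes:
    # AH: next header 4 (IP-in-IP, tunnel mode), length 5, reserved, SPI, sequence, ICV
    ah = struct.pack("!BBHII", 4, 5, 0, 0x1001, 1) + bytes(16)
    pkt = ipv4(src, dst, 51, ah + inner)                      # protocol 51 = AH
    return pkt[:32] + icv(pkt) + pkt[48:]

def r2_forward(pkt: bytes, routes: dict):
    # Transit router: no key, no IPsec code; it reads and rewrites only the outer header
    b = bytearray(pkt)
    dst = ipaddress.ip_address(bytes(b[16:20]))
    best = max((n for n in routes if dst in ipaddress.ip_network(n)),
               key=lambda n: ipaddress.ip_network(n).prefixlen)
    b[8] -= 1                                                 # decrement TTL
    b[10:12] = b"\0\0"
    b[10:12] = struct.pack("!H", checksum(bytes(b[:20])))     # recompute header checksum
    return routes[best], bytes(b)

def r3_verify(pkt: bytes) -> bool:
    return pkt[9] == 51 and hmac.compare_digest(pkt[32:48], icv(pkt))

def demo():
    inner = ipv4("192.168.1.10", "192.168.3.10", 17, b"lan-to-lan data")
    sent = r1_encapsulate(inner, "10.0.12.1", "10.0.23.3")
    iface, fwd = r2_forward(sent, {"10.0.12.0/24": "Gi0/0", "10.0.23.0/24": "Gi0/1"})
    tampered = fwd[:-1] + bytes([fwd[-1] ^ 1])                # one bit changed in transit
    return iface, fwd[8], r3_verify(fwd), r3_verify(tampered)

if __name__ == "__main__":
    print(demo())
```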
05-26-2021 09:46 AM
Router-PT and empty Router in packet tracer is using 12.x IOS so it may not be best option. PT also does not support all features and does not behave like real IOS. You can do IPSec in PT, but most likely not all options are available. PT comes with lots of samples built in. You can open a sample to see what IPSec options are there (and supported by PT).
I would recommend at least GNS3 stand-alone version which is perfect for routing labbing. GNS3 requires you to have real IOS, only IOS 15.x is from c7200 routers.
Regards, ML
**Please Rate All Helpful Responses**
05-27-2021 12:03 AM
@Martin L wrote:
Router-PT and empty Router in packet tracer is using 12.x IOS so it may not be best option. PT also does not support all features and does not behave like real IOS. You can do IPSec in PT, but most likely not all options are available. PT comes with lots of samples built in. You can open a sample to see what IPSec options are there (and supported by PT).
I would recommend at least GNS3 stand-alone version which is perfect for routing labbing. GNS3 requires you to have real IOS, only IOS 15.x is from c7200 routers.
Oh yeah, this as well. As @Martin L mentioned, Packet Tracer is VERY LIMITED. Better use GNS3 or, alternatively, you can also use EVE
05-27-2021 05:50 AM
Use EVE for CCIE lab, lots of stuff and devices; heavy labbing
Use GNS3 for a quick lab, small and portable, quick setup in 1 minute with gns3 portable standalone edition.
Regards, ML
**Please Rate All Helpful Responses**