cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3467
Views
10
Helpful
6
Replies

VPN/IPsec router support in Packet Tracer

I hope this is the right place for me to post this question.

I would like to know, if a router doesn't support VPN (meaning it can't be used as a VPN server) can it still route an IPsec packet? And which router I should use as a server for IPSec (AH tunnel mode) site-to-site VPN ?

I was using Router-PT in my packet tracer file, but when I wanted to configure IPSec VPN I need to change it and I'm wondering if I have to change all routers that my packet passes by.

Thank you.

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

Routers which required to establish need IPSEC feature - not every node in that required to have that feature, if i understand yoyur question correctly 

 

here is a good video :

 

https://www.youtube.com/watch?v=Z7LwU6H5IGE

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

LJ Gabrillo
Level 5
Level 5

If understand your question correctly. Your setup is like:

[R1]---[R2]---[R3]

 

--R1 has a Site-to-Site connection to R3

--R2 is just a middle router, just routing/connecting R1 and R3's WAN interfaces

 

In terms of feature support:

R2 does NOT require IPSec feature support

R1 and R3 do require IPSec feature support

Yes your understanding is correct, R2 is just transit to route exchance and facilitate network reachability R1 and R3

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Martin L
VIP
VIP

 

Router-PT and empty Router in packet tracer is using 12.x  IOS so it may not be best option. PT also does not support all features and does not behave like real IOS.  You can do IPSec in PT, but most likely not all options are available. PT comes with lots of samples build-in.  You can open a sample to see what IPSec options are there (and supported by PT).

I would recommend at least GNS3 stand-alone version which is perfect for routeing labbing.  GNS3 requires you to have real IOS, only IOS 15.x is from c7200 routers.  

 

Regards, ML
**Please Rate All Helpful Responses **


@Martin L wrote:

 

Router-PT and empty Router in packet tracer is using 12.x  IOS so it may not be best option. PT also does not support all features and does not behave like real IOS.  You can do IPSec in PT, but most likely not all options are available. PT comes with lots of samples build-in.  You can open a sample to see what IPSec options are there (and supported by PT).

I would recommend at least GNS3 stand-alone version which is perfect for routeing labbing.  GNS3 requires you to have real IOS, only IOS 15.x is from c7200 routers.  

 


Oh yeah, this as well. As @Martin L mentioned, Packet Tracer is VERY LIMITED. Better use GNS3 or, alternatively, you can also use EVE

 

Use EVE for CCIE lab, lots of stuff and devices; heavy labbing

Use GNS3 for a quick lab, small and portable, quick setup in 1 minute with gns3 portable standalone edition.

 

Regards, ML
**Please Rate All Helpful Responses **

 

Review Cisco Networking for a $25 gift card