Site to Site VPN configuration
Page 1 of 1

Author:  obaidi [ Wed Apr 09, 2014 11:38 am ]
Post subject:  Site to Site VPN configuration

Dear experts I want to test site to site VPN on GNS3 with Cisco 2600 Router, 2691, 3600, and 3700 and can't support ISAKMP support and need to update the software on its IOS and I am not able to such configuration on GNS3. Can any please advise what to do.

Thanks for the support in advance

Author:  abort [ Wed Apr 09, 2014 5:36 pm ]
Post subject:  Re: Site to Site VPN configuration

You have to add to GNS3 any image that supports crypto. Usually these images have "k9" somewhere in the name of image; most frequent phrases are: "advsecurityk9", "adventerprisek9", "advipservicesk9", "ik9s", "ik9os3", "jk9s", "jk9o3s", "telcoentk9".

Author:  bluephoenix71 [ Thu Sep 04, 2014 2:27 am ]
Post subject:  Re: Site to Site VPN configuration

Is there a bug on the GNS3? I am trying to create a site to site vpn on serial interfaces using k9 images of 7200's but I can't seem to ping and UP the interface that are supposed to be tunnelling.

Please guide me on what logs do I need to provide for you to see what is wrong?

Author:  abort [ Thu Sep 04, 2014 8:50 pm ]
Post subject:  Re: Site to Site VPN configuration

1. You DO NOT have to use k9 images just for creating tunnel interfaces - you can do it even on images that do not support crypto. It is called GRE tunnelling.
2. Crypto is required for IPSec, which is used to ecnrypt traffic between two routers - but of course usually IPSec policies are applied on Tunnel interfaces.

So what problem do you have? With GRE tunnelling or with encrypting traffic on tunnel interfaces (IPSesc/ISAKMP problems)?

Good example about creating pure GRE tunnel are at ... gre-tunnel and for complete GRE tunnel encrypted by IPSec look at ... ipsec.html
Of course, there are tons of documentation at Cisco site covering both GRE and IPSec.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group