Solved

Tying together VLANs to make VPNs

Posted on 2005-03-14
Last Modified: 2010-04-17
I am looking for ways to support multiple site to site VPNs for our company. The hardware I am currently using includes a

3524-XL switch with IOS 3500XL v12.0(5)wc3b
2611 router with IOS V12.3(12a)

I can set up site to site VPNs using my Ethernet ports on the router, but those are getting to be rare (I am using 5/6 ports currently). I have to expand our VPN capabilities significantly, as one of our projects is to bring satellite locations (5+) under our umbrella, and allow them to VPN in to our network. I was wondering if there was a way to make my switch an extension of the Ethernet ports of my router by assigning IPs and VLAN tags to it, and create my tunnels from there. Any information on this would be way cool!
0
Question by:trenchant
6 Comments
 
LVL 6

Expert Comment

by:Talmash
ID: 13535526
Hi,

The only way I know of for tying VLANs is to define an MLL entry in the switch.
MLL = multicasts linked list.
MLL is also known as IPM = IP multicasts.

Usually, the router/switch has a table that can be configured by the management for MLL entries.
Each entry holds a list of VLANs that are attached to this MLL entry (tied VLANs ...).

The traffic should be sent to a special MAC_DA that is also configured to point to the MLL entry mentioned above (instead of the regular MAC address that points to a pair of device_num & port_num).

I have been developing switches/routers (ASIC) for the past 6 years, so there is a nice chance the chip you are working with is related to my company, "Galileo/Marvell".

tal
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1200 total points
ID: 13535902
Use GRE tunnels to link your sites; the GRE interface is a virtual interface. Then you run IPSEC over the GRE interfaces without using up physical interfaces. Does your 2611 have an AIM card? The 2611 is a low-end router, not much horsepower; you will not be able to expand your VPN capabilities significantly with this device without taking a performance hit. I would recommend a 2651XM for your project.

harbor235
0
 

Author Comment

by:trenchant
ID: 13536263
My understanding of GRE tunnels is that they are not secure.  I need to use IPSEC in my environment (medical).
0
 
LVL 32

Expert Comment

by:harbor235
ID: 13539988
GRE is not secure, that's why you are going to run IPSEC between the GRE endpoints.
It will be IPSEC inside GRE.

harbor235
0
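The GRE-with-IPsec arrangement discussed in this thread, as an added example that is not from any of the posters: a hub-side Cisco IOS configuration for one remote site, with IPsec protecting a GRE tunnel interface so that no physical port is consumed per site. The addresses (documentation ranges), the names `GRE-ESP` and `GRE-PROTECT`, the key placeholder and the outside interface `Ethernet0/0` are assumptions, as is a crypto-capable IOS image that supports `tunnel protection`, AES and DH group 14.

```cisco
! Added example. Constructed values:
!   198.51.100.1   this router's outside address (on Ethernet0/0)
!   203.0.113.2    remote site's outside address
!   10.255.0.0/30  tunnel addressing, 10.20.0.0/24 remote LAN
!
! IKE phase 1 policy
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Older images only offer lower-numbered DH groups; use the highest available.
!
! One pre-shared key per remote site; replace the placeholder.
crypto isakmp key <PRE-SHARED-KEY-SITE1> address 203.0.113.2
!
! IPsec phase 2: ESP with AES-256 and SHA-1 HMAC.
! Transport mode is enough because GRE already supplies the outer IP header
! and both encapsulations terminate on the same two routers.
crypto ipsec transform-set GRE-ESP esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-ESP
!
! Virtual interface for site 1. Everything routed into Tunnel1 is
! GRE-encapsulated and then encrypted by the attached IPsec profile.
interface Tunnel1
 description Site 1 (constructed)
 ip address 10.255.0.1 255.255.255.252
 tunnel source Ethernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile GRE-PROTECT
!
! Send the remote LAN through the protected tunnel.
ip route 10.20.0.0 255.255.255.0 Tunnel1
!
! Checks after the remote side is configured:
!   show crypto isakmp sa   (an SA to 203.0.113.2 should be present)
!   show crypto ipsec sa    (encaps/decaps counters should rise with traffic)
```

The remote router mirrors this with source and destination swapped. If the IPsec counters stay at zero while traffic passes over the tunnel, the GRE packets are leaving unencrypted and the profile is not attached.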
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 800 total points
ID: 13541291
I think that what you are looking for is multipoint GRE and IPSEC VPNs (Dynamic Multipoint VPN).
This document is very thorough:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html
0
 

Author Comment

by:trenchant
ID: 13627872
Thanks for the info. Actually I'm stuck in the mud right now, and trying to dig my way out, but that's another story.. indeed!
0
