We've got two sites, each having two (maybe more in the future) IP subnets:
Subnet 1: 10.1.x.x DMZ
Subnet 2: 10.2.x.x LAN
Site A has the IP feed and the firewall connecting the IP feed, LAN and DMZ together.
Site B has only the two subnets, LAN and DMZ.
Site A: ISP, Firewall, Subnet 1, Subnet 2
Site B: Subnet 1, Subnet 2
At each site each subnet has its own cabling and switches. They are only interconnected by the firewall.
We need to extend both subnets across both sites.
I believe the most straightforward answer would be to use the existing 100Mbit Layer 2 link that connects both sites together with VLANs.
However, the link connecting the two sites, which we have received from our ISP, is already using VLANs on the ISP side.
According to my knowledge, it is not possible for us to use VLANs on top of this.
Q1: Is my assumption correct that it is not possible to have VLANs inside VLANs?
Q2: What would be a possible solution to extend both subnets across both sites in 'the most secure' manner, e.g. ensuring that for servers connected to the DMZ subnet no LAN traffic could be sniffed off the wire?
Should you require further information I'll be glad to provide it.