VLANS over VPN

Switch MSP (New Zealand) asked:

Hi All

This is not a question as such; I'm looking for information and ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs hosted at one site located a few hundred kilometers away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites will be connected via either SonicWall or WatchGuard UTM appliances.

Any help or suggestions on this would be greatly appreciated
arnold (United States) replied:

What kind of tunnel? With a site-to-site tunnel you pass everything through the trunk.

The VLANs have to be defined on both sides, i.e. the firewalls on each end will have the VLANs to which the switches are subordinated. Then your segment-to-segment mapping...

Sounds as though you want the VLANs on the branch to inherit from HQ via the mere presence of the site-to-site VPN.

The VLANs have to exist on each side, and the VPN will merely facilitate the data flow, which will then be matched based on the routing rules you set, i.e. segment A in branch VLAN 12 will be allowed to pass to segment 1 VLAN 12.
Sophos UTM has RED (Remote Ethernet Device) functionality. This allows VLANs to be transferred at L2 to the remote site.
Cisco should enable L2 connectivity too, but I don't know if VLANs are possible.
noci replied:

There are two descriptions for a tunnel: one is called Phase 1 (IKE), which is the key negotiation; the other is the Phase 2 tunnel, based on the Phase 1 key exchange. Normally one can set up multiple Phase 2 specs on one Phase 1 key, and that way create multiple pipes in the same tunnel, each pipe with its own endpoint. BTW, be advised that this can map a VLAN on site one to a VLAN on site two, but it is routed, not switched.
Therefore the broadcast domains stay separated.
The easiest way is to use a layer 3 tunnel interface; both Cisco and SonicWall can do this. You create an IPsec tunnel with a small subnet, normally a /30, and route all VLANs from one location to the other. Don't forget to tell the routers/layer 3 SVIs the routes back.
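As an added example, not from the thread or any of the posters, here is what the two replies above (one Phase 1 key exchange carrying the Phase 2 traffic, and a layer 3 tunnel interface on a /30 with routes for the VLANs) look like on a Cisco IOS router using a route-based IPsec VTI. All addresses, the VLAN numbering and the pre-shared key placeholder are constructed for illustration; the branch router mirrors this configuration with the addresses swapped.

```cisco
! HQ router (constructed example). The branch router is the mirror image.
!
! Phase 1 (IKE/ISAKMP): one security association, used only to negotiate keys.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key REPLACE_WITH_STRONG_PSK address 203.0.113.2
!
! Phase 2 (IPsec). With a VTI there is a single Phase 2 SA whose selector is
! effectively any/any: the routing table, not a crypto ACL, decides which
! VLAN subnets enter the tunnel, so 16 VLANs do not need 16 Phase 2 entries.
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
! Layer 3 tunnel interface on a /30 point-to-point subnet (constructed).
interface Tunnel0
 description IPsec VTI to branch
 ip address 10.255.255.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! HQ VLAN SVIs (constructed plan: VLANs 10-25 use 10.10.<vlan>.0/24).
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
! Vlan11 through Vlan25 follow the same pattern.
!
! Routes toward the branch copies of the VLAN subnets, pointed at the VTI.
! The branch plan is 10.20.<vlan>.0/24, so one summary covers all 16 VLANs;
! use one /24 per VLAN instead if the branch addressing cannot be summarised.
ip route 10.20.0.0 255.255.0.0 Tunnel0
!
! Branch router (mirror image). Its return routes are the "routes back"
! the reply above warns about; without them HQ traffic arrives but replies
! never leave the branch.
!   interface Tunnel0
!    ip address 10.255.255.2 255.255.255.252
!    tunnel destination 203.0.113.1
!    (tunnel source, mode and protection as on HQ)
!   ip route 10.10.0.0 255.255.0.0 Tunnel0
```

After bringing both sides up, `show crypto isakmp sa` should list one Phase 1 SA per peer, `show crypto ipsec sa` one Phase 2 SA bound to Tunnel0, and `show ip route static` the summary route via Tunnel0 on each end. As both replies stress, this is routing: VLAN 12 at HQ and VLAN 12 at the branch stay separate broadcast domains with different subnets, so DHCP, mDNS and other broadcast-dependent services at the branch need their own scope or a relay rather than the HQ ones.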