06-25-2007 12:41 PM - edited 03-03-2019 05:36 PM
I have a class C private network that I would like to span two different cities over a VPN. To both locations, all the IP addresses must appear to be on the same LAN. What is the best way to do this? Is there any article that explains this?
06-25-2007 12:45 PM
06-26-2007 11:29 AM
Edison,
Thanks for pointing me to a great article. I gained a lot of info. Can you confirm that transparent bridging will work well in the following situation? Can I apply it here:
Say, a 192.168.1.0/24 Ethernet network connects to a layer 3 switch, which connects to a VPN router via another network interface. The VPN router forms an IPSec/GRE tunnel VPN to a remote location over the Internet, terminating in another VPN endpoint. Another private Ethernet interface on this endpoint needs to have the same 192.168.1.0/24 network (a VLAN extension). This is needed for a short period while we are moving hosts from one location to another. Can this be accomplished by transparent bridging or do we need something else?
Thanks
06-26-2007 11:35 AM
The VPN router is also part of the 192.168.1.0/24 segment? If so, a GRE tunnel can transport the bridging information via the tunnel.
However, from your environment, I would recommend double NAT'ng between the 2 offices instead of bridging.
With bridging, you will be extending your L2 environment over slow/unreliable VPN links.
Once you configure your bridging environment, one location will hold the root of the spanning tree domain and all traffic within that VLAN will traverse back and forth over the VPN link. Not the most ideal setup for enterprise networking.
NAT'ng between locations gives you the ability to scale the migration to meet your needs without a major change in your L2 topology.
HTH,
06-28-2007 09:14 AM
Yes, the VPN router is also part of the 192.168.1.0/24 segment. As this is only a short-term requirement and as we have a multi-meg WAN pipe, I don't mind extending the VLAN over the WAN/VPN.
Do you have an article for configuring this VLAN extension and an example config? Your help is appreciated.
Thanks.
06-28-2007 02:29 PM
In your case, you will have to route and bridge at the same time, so concentrate on the IRB configuration for bridging.
You will have a BVI interface; this is the L3 interface. On the segments you want to bridge, you need to enter the bridge-group command.
Personally, I've never done it on a WAN/VPN. I've only done it on frame-relay or PPP WAN connections in a lab. I never had the need to extend an L2 environment over a WAN connection.
The portion of the documentation you need to concentrate on will be IRB.
There are some examples on IRB. Please make sure you simulate this scenario in a Lab before deployment.
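The IRB layout described in this thread, sketched for one of the two VPN routers as an added example (not configuration posted by any participant, and not tested on a WAN/VPN). Interface names, the tunnel endpoint address and the BVI address are assumptions, IPsec protection of the tunnel is left out, and it assumes the platform accepts `bridge-group` on a GRE tunnel interface.

```ios
! Added example: integrated routing and bridging (IRB) on one VPN router.
! All interface names and addresses below are placeholders.
!
! Enable IRB and create bridge group 1 running IEEE spanning tree.
bridge irb
bridge 1 protocol ieee
! Route IP for bridge group 1 through the BVI instead of only bridging it.
bridge 1 route ip
! Lower value = preferred spanning-tree root; set it on the site that
! should hold the root so root placement is deliberate, not accidental.
bridge 1 priority 4096
!
! LAN-facing port that joins the 192.168.1.0/24 segment.
interface FastEthernet0/0
 description LAN side of the extended segment
 no ip address
 bridge-group 1
!
! GRE tunnel toward the remote site; bridged, so no IP address on it.
interface Tunnel0
 description GRE tunnel to remote VPN endpoint
 no ip address
 tunnel source FastEthernet0/1
 tunnel destination 203.0.113.2
 bridge-group 1
!
! BVI number must match the bridge group; this is the L3 interface.
interface BVI1
 description Routed interface for bridge group 1
 ip address 192.168.1.1 255.255.255.0
```

In a lab, `show interfaces irb` and `show spanning-tree 1` show which ports are bridged and which side became the spanning-tree root.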