IPSEC over tagged VLAN?

Jun 26th, 2007

I work for a college where we have a building connected via fiber with multiple trunked VLANs. We have a department that needs to secure all their traffic, so they installed two Cisco ASA devices. They want their traffic between the main site and this other location to be protected by a site-to-site VPN. Using the same fiber, can I assign them a separate VLAN and attach it to each firewall? I am not sure if you can do this, or does the VLAN need to be untagged?

Richard Burts Tue, 06/26/2007 - 07:03


I cannot think of any reason why it would matter whether the VLAN were tagged or untagged. What the site-to-site VPN needs is IP connectivity. As long as the ASA on one side has appropriate IP connectivity to the other ASA, then the VPN should work.

You could assign them a separate VLAN and they might feel good if you did. But I do not believe that it is necessary or adds anything significant to protecting the traffic. The IPSec VPN provides protection for the traffic no matter what VLAN it is in.
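
The setup discussed above, sketched as an added configuration example that is not part of the original posts: the main-site ASA terminates the tunnel on an 802.1Q-tagged subinterface, and the crypto configuration refers only to IP addresses, never to the VLAN tag. The VLAN ID, interface names, addresses, object names and key are constructed placeholders; the syntax is the ASA 7.x/8.0-era form (later releases rename `crypto isakmp` to `crypto ikev1`), and it assumes no NAT is applied to traffic between the two sites.

```cisco
! Constructed example: main-site ASA. The remote ASA mirrors this with
! the peer address and the ACL source/destination swapped.
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Tagged subinterface on the shared fiber trunk (VLAN 100 is a placeholder)
interface GigabitEthernet0/0.100
 vlan 100
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.1.1 255.255.255.0
 no shutdown
!
! Traffic to protect: department LAN at main site <-> department LAN at remote site
access-list DEPT-VPN extended permit ip 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
crypto ipsec transform-set DEPT-SET esp-aes-256 esp-sha-hmac
crypto map DEPT-MAP 10 match address DEPT-VPN
crypto map DEPT-MAP 10 set peer 192.0.2.2
crypto map DEPT-MAP 10 set transform-set DEPT-SET
crypto map DEPT-MAP interface outside
!
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
```

Once both ends are configured, `show crypto isakmp sa` and `show crypto ipsec sa` on either ASA confirm that the tunnel is up and that the encrypt/decrypt counters increase for the department's traffic.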



