IPSEC over tagged VLAN?

Jun 26th, 2007

I work for a college where we have a building connected via fiber with multiple trunked VLANs. We have a department who needs to secure all their traffic so they installed two Cisco ASA devices. They want their traffic between the main site and this other location to be protected by a site to site VPN. Using the same fiber can I assign them a separate VLAN and attach to each firewall? I am not sure if you can do this or does the VLAN need to be untagged?

Richard Burts Tue, 06/26/2007 - 07:03
I can not think of any reason why it would matter whether the VLAN were tagged or untagged. What the site to site VPN needs is IP connectivity. As long as the ASA on one side has appropriate IP connectivity to the other ASA then the VPN should work.

You could assign them a separate VLAN and they might feel good if you did. But I do not believe that it is necessary or adds anything significant to protecting the traffic. The IPSec VPN provides protection for the traffic no matter what VLAN it is in.
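
A sketch of the main-site ASA for the setup discussed in this thread, with the peer-facing interface as an 802.1Q-tagged subinterface on the trunk (an added example, not configuration posted by either participant). It assumes ASA 7.x/8.0-era syntax on a model with routed subinterfaces; the interface names, VLAN ID 210, all addresses, the object names and the key are constructed placeholders.

```cisco
! Physical port facing the campus trunk: carries tags only, no IP of its own
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
!
! Tagged subinterface on the department's VLAN (VLAN ID is an assumption)
interface Ethernet0/0.210
 vlan 210
 nameif outside
 security-level 0
 ip address 10.210.0.1 255.255.255.252
!
! Department LAN behind this ASA (constructed addressing)
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
 no shutdown
!
! Traffic to protect: main-site department LAN to remote department LAN
access-list DEPT_VPN extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
!
! Phase 1 policy, enabled on the tagged subinterface
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp enable outside
!
! Phase 2: the peer is the remote ASA's address in the same VLAN
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map DEPT_MAP 10 match address DEPT_VPN
crypto map DEPT_MAP 10 set peer 10.210.0.2
crypto map DEPT_MAP 10 set transform-set ESP-AES256-SHA
crypto map DEPT_MAP interface outside
!
tunnel-group 10.210.0.2 type ipsec-l2l
tunnel-group 10.210.0.2 ipsec-attributes
 pre-shared-key REPLACE_WITH_SHARED_SECRET
```

The remote ASA mirrors this with the peer address and access-list networks swapped. If the switch port hands the VLAN to the ASA untagged instead, the same `nameif`, address and crypto map go on the physical interface and the `vlan` line disappears; nothing in the IPsec section changes.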
