01-21-2008 02:14 PM - edited 03-03-2019 08:21 PM
I have two design questions that I would like to get answered if at all possible. I don't need config help but just an understanding of how this is accomplished.
In an enterprise network that consists of direct internet access at the corporate or main location with multiple branch offices and remote locations whose traffic has to come back to corporate before going to the internet, how is layer 2 trunking and VLANs supported?
How do I get a vlan at the corporate office to reside at a branch location while traversing several routers over L3? Say I needed one port on a switch at the branch office to be the 'Public' VLAN because they wanted to place a public facing server there. Or, I wanted to extend a management VLAN across the entire network. How is this accomplished across the routers?
This brings me to my next question on NAT. Please refer to the diagram. I have a firewall that NATs traffic for public servers residing on the inside interface. Say I have a private WAN that connects a remote location that is accessible internally only. How would I NAT a public address to a server that doesn't reside on the inside network? Is it possible?
Thanks for your help!
01-21-2008 02:38 PM
Hi
If you are running an MPLS network you could talk to your service provider about running VPLS which allows you to extend vlans across an MPLS network.
If you aren't then you can use L2TPv3 which allows you to extend a vlan across a L3 routed network. See attached link for details
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a756b.html
As for the NAT, not quite sure I fully understand. You can NAT any private address to a public IP address. As long as that private address is reachable from the firewall and the firewall is reachable from the private address, it doesn't matter how many routers/switches etc. are between the firewall and the private address.
Hope I have understood
Jon
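Added example, not from Jon's post or from the linked Cisco guide: a minimal IOS L2TPv3 pseudowire pair that stretches the "Public" VLAN (VLAN 100) from the corporate router to one branch port across the routed WAN. Every hostname, interface and address below is constructed; the two loopbacks are assumed to be routable over the existing L3 core, and the branch switch is assumed to trunk VLAN 100 to the branch router.

```ios
! ===== Corporate router (HQ-RTR, constructed) =====
! L2TPv3 tunnels Ethernet frames inside IP (protocol 115 by default),
! so the VLAN rides over ordinary routed hops; nothing here is encrypted.
pseudowire-class VLAN-EXTEND
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Attachment circuit: VLAN 100 ("Public") on the HQ trunk.
! VC ID 100 must match the branch side.
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 xconnect 10.255.0.2 100 pw-class VLAN-EXTEND
!
! ===== Branch router (BR-RTR, constructed) =====
pseudowire-class VLAN-EXTEND
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
! Attachment circuit: VLAN 100 toward the branch switch port that
! holds the public-facing server.
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 xconnect 10.255.0.1 100 pw-class VLAN-EXTEND
!
! Any ACL or firewall between the loopbacks must permit IP protocol 115
! (L2TPv3 over IP) in both directions, e.g. on the WAN edge:
ip access-list extended WAN-IN
 permit 115 host 10.255.0.1 host 10.255.0.2
```

Once the pseudowire is up, the branch port is in the same broadcast domain as the corporate Public VLAN, so it inherits that VLAN's exposure (and its firewall policy), and the tunnel endpoints themselves should be reachable only from each other.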
01-22-2008 12:24 PM
Thanks for the info. As for extending VLANs across a routed network, I thought it was simpler than that and that I was just missing something. Are there other tactics that enterprises would use or do they just generally not extend VLANs through the organization?
As for NAT, I assumed that the address on the private side of the firewall had to be attached to the inside interface. It sounds like it just has to be pingable though and it should work.
Thanks for your help!