VPN on vlan

Unanswered Question
Sep 16th, 2008
User Badges:

Dear All expert,

I need you to advice me on VPN on vlan.....

Please see in the attach file.

let me tell you on my diagram i would like to do that all the branch use VPN and connect to HQ( and the HQ had core switch 3560 and Cisco Router 1841)..

i mean on HQ router want to do intervlan

Best Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
satish_zanjurne Tue, 09/16/2008 - 22:39
User Badges:
  • Silver, 250 points or more


Instead of extending the VLAN's to remotes sites, create different vlan's for remote sites, create the IP addressing schema for remote sites.

Also we assume thatm you don't require NAT here..

1.You can do intervlan routing on Catalyst 3560, or make Cisco 1841 router also to do intervlan routing.

2.Put static routes to remote sites on Cisco 1841 at HQ, & default static routes on branch sites.

3.Create 2 different isakmp policies on Cisco 1841 for 2 sites, and also create the mirror of those policies on corresponding branch sites.

4.Use preshare authentication as only 2 sites are there.

5.Create transform set esp-des esp-md5-hmac

6.Create crypto map, set the peer & access-list

7.Create 2 different access-lists for 2 sites to match the traffic to be encrypted.

8.Apply the crypto map to WAN interface

HTH...rate if hekpful..


This Discussion