Two SA520 VLAN Scenario Question

Unanswered Question
Jan 11th, 2010

I had a scenario based question and was wondering if it can be solved.


- Two SA520s

- Two Internet connections per SA520 (4 separate Internet connections total)

- Two VLANs per SA520 (4 VLANs total)

- Each VLAN is bound to a WAN port for Internet (keeps each VLAN on a different Internet connection)


For this scenario let:

VLAN A & B be on the first SA520.

VLAN C & D be on the second SA520.


VLAN A & B come in as a trunk to the first SA520.

VLAN C & D come in as a trunk to the second SA520.


Is it possible to route between all VLANs?


Edited: 01/12/10 10:10 Added VLAN Trunk Info.

Steven Smith Tue, 01/12/2010 - 07:55

It should be possible to route between the VLANs.  You can create different VPN policies to connect all of the VLANs together. 

FratianiD Tue, 01/12/2010 - 08:12

So if I set it up just like that, it will just automagically work or is this VPN policy thing required for routing between them?


I ask because I can't see the GUI to figure it out for myself.

Steven Smith Tue, 01/12/2010 - 08:31

To route over the WAN, you will need to have IPSEC and VPN Policies configured.  You can have the configuration work by connecting to the different IP addresses of the system.  It is required for the routing to work over the WAN, but not hard to configure.

FratianiD Tue, 01/12/2010 - 11:53

Just to make sure of things here:

- From a machine on VLAN A, I should be able to contact VLAN C & D (and vice-versa)


Do you think that would work?

If so, is it relying on RIP to communicate with the other router?

Steven Smith Tue, 01/12/2010 - 12:38

The routing will not be done through RIP.  The routing will be handled via the IPSEC and VPN policies.  When you configure the policies, you give source and destination networks.  It will not use RIP to learn the routing.

FratianiD Tue, 01/12/2010 - 12:47

The VPN policies will handle LAN traffic as well?

Steven Smith Tue, 01/12/2010 - 13:00

No, the VPN policies do not handle that.  They only will handle the traffic from one SA500 to the other SA500.  Internally, the VLANs are routed to each just by adding the VLAN to the router.  If you have something else, that is not directly connected to the router, you could add a static route or use RIP to discover another subnet.
