We've recently added ASAs to our network. Our intention is to setup a VPN tunnel to our branch office. The head office setup shown above has many VLANs on the E0/0 interface one of which is a voice VLAN that handles our VoIP phone system traffic.
When we setup the VPN tunnel, we want to have the voice VLAN available at the branch office.
How would I go about doing this?
Currently the E0/1 interface of the ISR is configured with the IP address 192.168.15.254. The ASA's IP address for the lan/inside interface is 192.168.15.250.
Would I need to configure the ISR's E0/1 interface for sub interfaces instead?
The question is whether you need to actually span this voice VLAN over your 1841, or whether there can be another IP subnet (a VLAN or just another routed LAN) devoted as the voice VLAN for your branch offices. As the voice VLAN is effectively terminated on your 1841 E0/0, even creating subinterfaces on the E0/1 alone will not help because these two ports will still be separated by a router internally. The VLAN IDs may be the same but they are still made separate and independent of each other because of a router interconnecting them.
If the voice VLAN has to be effectively extended over your 1841 then I can imagine configuring an IRB bridge between your E0/0.X and E0/1.X interface (X meaning the voice VLAN you are currently using) and so extend this VLAN towards the ASA. I do not think however that this is a best practice design.
Also, is the VPN between your head office and the branch office working as Layer2 or Layer3 VPN? My question relates to the fact whether there is actual routing involved inside the VPN for the branch office to reach the head office. If yes then there is no point in extending the VLAN anyway. The basic question here is whether the VLAN must really span into the branch office, or whether the branch offices can have their own voice VLAN and route the voice data towards the voice VLAN on your central location.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...