Maybe I am way off base here, but here is what I am trying to do:
We have a co-location site that hosts our web sites, and we run a fiber connection between HQ and the co-location. We can use the public handoff at the co-location for a backup internet connection from corp HQ. What I have done so far is set up a tunnel between HQ and the co-location, and that is working just fine. Now here is where I need some help. In the switch at the co-location, I have a separate vlan set up for the public handoff to the co-lo POP. Right now there is a vlan interface for that vlan, but it has no IP address assigned. In order for my tunnel to work, I will need an IP address. My question is, can I use a private IP address for that vlan without screwing anything up, or will I have to use one of my publicly assigned IP addresses?
However, if you want to set up a tunnel over the internet for backup purposes, you need:
two public IP addresses that are used in the external envelope (header) to allow packets to go between the two locations over the internet
one private subnet used over the tunnel that allows building a logical point-to-point link.
So if you are referring to an L3 SVI associated with the L2 broadcast domain (vlan) where the internet link terminates, yes, you need to assign a public IP address to it, and you need to protect your device from access from the internet.
Using a private address there would be useless.
Rather, you should assign a private IP address to the tunnel itself (I think of a GRE tunnel).
A GRE tunnel carried inside IPSec should be the best solution.
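The layout described in the answer above, written out as a Cisco IOS configuration for the co-location side. This is an added example, not part of the original thread. It assumes a platform that supports GRE with IPsec tunnel protection; the VLAN number, all addresses (documentation ranges), the object names and the key placeholder are constructed for illustration.

```cisco
! Constructed values: Vlan900 = public handoff, 203.0.113.0/30 = co-lo public
! subnet (.1 provider, .2 this switch), 198.51.100.10 = HQ public address,
! 10.255.255.0/30 = private subnet used only inside the tunnel.
!
! Protect the device: only the HQ peer may reach the public SVI, and only
! with IPsec (ESP, IKE, NAT-T). Everything else from the internet is dropped.
ip access-list extended INTERNET-IN
 permit esp host 198.51.100.10 host 203.0.113.2
 permit udp host 198.51.100.10 host 203.0.113.2 eq isakmp
 permit udp host 198.51.100.10 host 203.0.113.2 eq non500-isakmp
 deny   ip any any log
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder: replace with a real pre-shared key
crypto isakmp key <pre-shared-key> address 198.51.100.10
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
! Public address on the SVI: this is the outer header of the tunnel packets
interface Vlan900
 description Public handoff to co-lo POP
 ip address 203.0.113.2 255.255.255.252
 ip access-group INTERNET-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
! Private address on the tunnel: the logical point-to-point link
interface Tunnel0
 ip address 10.255.255.2 255.255.255.252
 tunnel source Vlan900
 tunnel destination 198.51.100.10
 tunnel protection ipsec profile GRE-PROT
!
! Reach the HQ peer through the provider gateway, not through the tunnel
ip route 198.51.100.10 255.255.255.255 203.0.113.1
```

The HQ side mirrors this with the source and destination addresses swapped and 10.255.255.1 on its tunnel interface.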