Cisco Support Community

S2S VPN to non-native VLAN

Was not sure whether to post in the VPN forum or in the Network Infrastructure forum, so I apologize if this is in the incorrect forum.

I am attempting to set up a S2S VPN tunnel to a VLAN within my test ESX cluster. I have also set up two physical servers on each VLAN on both sides to verify this is not a VMware issue, and by using strictly physical machines I get the same issue that is stated below. The basic test network layout is as follows:

Guest (192.168.5.0)
|
---------
|PIX 501|
---------
|
|
|
Internet
|
|
|
-----
|PIX 506| (172.30.1.0)
-----
| |-ESX1 (172.30.1.0)
|-----
| |-ESX2 (172.30.1.0)
VLAN1 (172.30.1.0)
|
----------
| 3750 | (172.30.1.0)
----------
|
VLAN2 (172.30.10.0)
|
VM Guest (172.30.10.0)

From the remote endpoint I am able to establish the VPN tunnel and am able to ping the VM guest NIC with a response. What I am not able to do is RDP/connect through the S2S VPN to this guest VM in the non-native VLAN. If I apply a static map/public IP on the firewall to the VM guest, I am able to remote into the VM guest successfully in the non-native VLAN, just not through the S2S tunnel. This verifies that outside access is permissible/routable to the VM from the internet, though not in an encrypted tunnel. I created a new VM guest, placed it in the same VLAN as the firewall/ESX hosts, and added the additional ACLs for the S2S, and am successful in connecting via the site-to-site tunnel to the native VLAN. This led me to think that it is some routing issue on my Cisco 3750, but to this point I am not able to reach a conclusion as to why I am not able to connect to the non-native VLAN. Running the same S2S into the native VLAN (1) does work successfully when I changed/added the ACLs for those private IPs.

Attached are the configs/debugs/ICMP results.

Thanks in advance.

In the attached config the 3750 says it has an IP of 172.30.10.0 but should be 172.30.1.0.
