Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

RV320 passing multiple VLANs

Hi,

Need for another definit answer.  Is it possible  to route over VPN between two site any subnet or just specified on VPN tunnel networks.  Using Firewall policies we could in fact specify multiple subnet to allow to travers between termination points on the tunel.  How to understand from that perspecive in the firewall setup the concept of specifying the interface and source and destination? 

Andrew

Everyone's tags (2)
2 REPLIES
New Member

RV320 passing multiple VLANs

Hi Andrew, thank you for using our forum, my name is Luis I am part of the Small business Support community. I think you are a little bit confused with those protocols, a VPN is a connection between two endpoints in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This tunnel establishes a private network that can send data securely by using industry-standard encryption and authentication techniques to secure the data sent. In addition, the connection between two subnet that you specified.

And the firewall is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not.

I hope you find this answer useful

Greetings,

Luis Arias.

Cisco Network Support Engineer.

New Member

RV320 passing multiple VLANs

Arias,

Thank you for this info.  My problem was related to splitting VLAN traffic (2, 4, 8) over multiple VPN (IPSec) tunnels.  That has been accomplished as long as VPN tunnels which each bond a pair on VLANs start/terminate on the same WAN port interface (WAN or DMZ)  on RV320.  VPN tunnel has predefined source/destination IP subnet, you can not assign multiple subnets but only single pair.  Multiple VPN tunnels are therefor required.  In my case no interVLAN routing is allowed.  I tried to run it over different WAN interfaces pointing to different sites and that is casing problems.  Solution is supernetting your internal private network so single IKE policy accepts "all VLANs" regardless of the destination network, and the routing is done exclusively over "matching" VPN tunnel source/destination subnets.  I have hub-spoke architecture to implement.  Split between networks is 100% locking any cross-vlan leakage, you must reside in the particular VLAN in siteA  to access matching remote VLAN in siteB, no other but 1 pair for multiple locations.  So far it works I am introducing one at a time, i will see how many is too many...  Thank you for support, I might get back to you for more hey you never know.

1035
Views
0
Helpful
2
Replies
CreatePlease to create content