New Member

Sending a VLAN across a VPN

We have a situation where we must cluster 2 enterprise servers that are geographically separated.  The clustering software will only work if one of the connections on both servers is on the same network segment.  I've been told by the vendor that this was accomplished in the past via a VLAN.  Is it possible to send a VLAN via an encrypted IPSEC VPN using an ASA 5510?  If so, how is it accomplished and how would that address be advertised out?  I know this is a bit of a complicated question, so thanks in advance for the effort.

Accepted Solutions

Re: Sending a VLAN across a VPN

It's not possible. A VLAN is defined on layer 2; an IPsec tunnel encrypts IP packets, and so works from layer 3. You need switching technology for this, like dark fibre, or EoMPLS if you have an MPLS connection between your sites. You could look into L2TP, which might be able to do what you need, but I believe it's not available in the new ASA versions >7.x
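The layer split this answer describes, shown as an added example that is not part of the original thread: a Python sketch that dissects constructed Ethernet frames and returns what a layer-3 tunnel has left to encrypt. The MAC and IP addresses, VLAN ID 100 and the function names are assumptions made for illustration.

```python
import struct

ETH_P_8021Q, ETH_P_IPV4, ETH_P_ARP = 0x8100, 0x0800, 0x0806

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into its layer-2 fields and its payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETH_P_8021Q:              # 802.1Q tag sits inside the L2 header
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18    # low 12 bits of the TCI = VLAN ID
    return {"dst": dst, "src": src, "vlan": vlan_id,
            "ethertype": ethertype, "payload": frame[offset:]}

def ip_packet_for_tunnel(frame: bytes):
    """Return the IPv4 packet a layer-3 tunnel could encrypt, or None.

    The Ethernet header, including any VLAN tag, is dropped at this point;
    frames that do not carry IP (ARP, for instance) yield nothing at all.
    """
    fields = parse_frame(frame)
    return fields["payload"] if fields["ethertype"] == ETH_P_IPV4 else None

# --- constructed sample data (hypothetical addresses, not from the thread) ---
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
IP_A, IP_B = bytes([10, 1, 100, 10]), bytes([10, 1, 100, 20])

def tagged(dst: bytes, src: bytes, vlan: int, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!HHH", ETH_P_8021Q, vlan, ethertype) + payload

# Minimal 20-byte IPv4 header (checksum left at 0 for brevity).
IPV4_PACKET = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, IP_A, IP_B)
# ARP request "who has IP_B?", broadcast on the segment.
ARP_REQUEST = struct.pack("!HHBBH6s4s6s4s", 1, ETH_P_IPV4, 6, 4, 1,
                          MAC_A, IP_A, b"\x00" * 6, IP_B)

IP_FRAME = tagged(MAC_B, MAC_A, 100, ETH_P_IPV4, IPV4_PACKET)
ARP_FRAME = tagged(BROADCAST, MAC_A, 100, ETH_P_ARP, ARP_REQUEST)

if __name__ == "__main__":
    print("VLAN on the wire:", parse_frame(IP_FRAME)["vlan"])
    print("IP frame  -> tunnel sees:", ip_packet_for_tunnel(IP_FRAME).hex())
    print("ARP frame -> tunnel sees:", ip_packet_for_tunnel(ARP_FRAME))
```

The IP frame reaches the tunnel without its VLAN tag, and the ARP broadcast never reaches it, which is why two hosts on either side of a routed IPsec tunnel do not share a segment.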

2 REPLIES
Cisco Employee

Re: Sending a VLAN across a VPN

Charles,

It does sound a bit odd. I don't really understand the phrase "one of the connections on both servers are on the same network segment".

Does it mean that the client needs to keep a connection with servers on the local subnet for the server (directly connected network), or do both need to keep a session with each other, or both with a client... can you elaborate?

Regarding VLAN assignment, what you can do on the ASA is to specify a VLAN for egress packets:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1549174

Marcin

