Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
4
Helpful
2
Replies

Extending VLANs Across Network and NAT Too!

ryanparr9
Level 1
Level 1

‎01-21-2008 02:14 PM - edited ‎03-03-2019 08:21 PM

I have two design questions that I would like to get answered if at all possible. I don't need config help but just an understanding of how this is accomplished.

In an enterprise network that consists of direct internet access at the corporate or main location with multiple branch offices and remote locations whose traffic has to come back to corporate before going to the internet, how is layer 2 trunking and VLANs supported?

How do I get a vlan at the corporate office to reside at a branch location while traversing several routers over L3? Say I needed one port on a switch at the branch office to be the 'Public' VLAN because they wanted to place a public facing server there. Or, I wanted to extend a management VLAN across the entire network. How is this accomplished across the routers?

This brings me to my next question on NAT. Please refer to the diagram. I have a firewall that NAT's traffic for public servers residing on the inside interface. Say I have a private WAN that connects a remote location that is accessible from internally only? How would I NAT a public address to a server that doesn't reside on the inside network? Is it possible?

Thanks for your help!

Labels:
Preview file
25 KB
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎01-21-2008 02:38 PM

Hi

If you are running an MPLS network you could talk to your service provider about running VPLS which allows you to extend vlans across an MPLS network.

If you aren't then you can use L2TPv3 which allows you to extend a vlan across a L3 routed network. See attached link for details

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a756b.html

As for the NAT, not quite sure i fully understand. You can NAT any private address to a public IP address. As long as that private address is reachable from the firewall and the firewall is reachable from the private address it doesn't matter how many routers/switches etc. are between the firewall and the private address.

Hope i have understood

Jon

ryanparr9
Level 1
Level 1
In response to Jon Marshall

‎01-22-2008 12:24 PM

Thanks for the info. As for extending VLANs across a routed network, I thought it was simpler than that and that I was just missing something. Are there other tactics that enterprises would use or do they just generally not extend VLANs through the organization?

As for NAT, I assumed that the address on the private side of the firewall had to be attached to the inside interface. It sounds like it just has to be pingable though and it should work.

Thanks for your help!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card