Cisco Support Community
IPSEC over tagged VLAN?

I work for a college where we have a building connected via fiber with multiple trunked VLANs. We have a department who needs to secure all their traffic so they installed two Cisco ASA devices. They want their traffic between the main site and this other location to be protected by a site to site VPN. Using the same fiber can I assign them a separate VLAN and attach to each firewall? I am not sure if you can do this or does the VLAN need to be untagged?

Re: IPSEC over tagged VLAN?

Thomas

I cannot think of any reason why it would matter whether the VLAN were tagged or untagged. What the site to site VPN needs is IP connectivity. As long as the ASA on one side has appropriate IP connectivity to the other ASA then the VPN should work.

You could assign them a separate VLAN and they might feel good if you did. But I do not believe that it is necessary or adds anything significant to protecting the traffic. The IPSec VPN provides protection for the traffic no matter what VLAN it is in.

HTH

Rick
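
An added illustration, not part of the original thread or written by either poster: the 802.1Q tag is a 4-byte field in the Ethernet header, so the ESP packet the two VPN peers exchange is byte-for-byte the same whether the frame carrying it is tagged or not. The addresses (documentation ranges), MACs, SPI and VLAN 250 are constructed sample values, and the function names are hypothetical.

```python
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q VLAN tag
ETH_P_IPV4 = 0x0800
IPPROTO_ESP = 50       # IPsec ESP rides directly on IP

def build_esp_packet(src, dst, spi, seq, ciphertext):
    """Constructed IPv4 packet carrying ESP (header checksum left 0 for brevity)."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64,
                         IPPROTO_ESP, 0, bytes(src), bytes(dst))
    return ip_hdr + esp

def build_frame(dst_mac, src_mac, ip_packet, vlan_id=None):
    """Ethernet II frame; inserts a 4-byte 802.1Q tag when vlan_id is given."""
    header = dst_mac + src_mac
    if vlan_id is not None:
        header += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ETH_P_IPV4) + ip_packet

def parse_frame(frame):
    """Return (vlan_id or None, ip_packet); rejects short and non-IPv4 frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_P_IPV4:
        raise ValueError("not IPv4")
    return vlan_id, frame[offset:]

def esp_fields(ip_packet):
    """Return (src, dst, spi, seq) for an ESP-in-IPv4 packet."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if len(ip_packet) < ihl + 8 or ip_packet[9] != IPPROTO_ESP:
        raise ValueError("not an ESP packet")
    spi, seq = struct.unpack_from("!II", ip_packet, ihl)
    return tuple(ip_packet[12:16]), tuple(ip_packet[16:20]), spi, seq

# Constructed sample: one ESP packet between two firewall outside addresses.
PKT = build_esp_packet((192, 0, 2, 1), (198, 51, 100, 1), 0x1000ABCD, 7, b"\xAA" * 32)
MACS = (b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01")
UNTAGGED = build_frame(*MACS, PKT)
TAGGED = build_frame(*MACS, PKT, vlan_id=250)
```

Parsing `TAGGED` and `UNTAGGED` returns the same IP packet and the same ESP SPI and sequence number; only the reported VLAN ID and the 4 extra header bytes differ.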
