I have an application running on a Linux machine which needs users to be connected directly to the network where the application's interface is located. Unfortunately I have remote users willing to use this application. I do not know much about how this application works, but it does not allow users to be routed. It does not even work if the user is NAT-ed onto an IP on the same network. The only solution for me is transparent bridging over the Internet. Another problem is that multiple sites have to be connected to this server.
I am thinking about creating L2TP tunnels between the Cisco routers and the Linux server, but I do not know how.
Please try to find out more about the application. Usually the reason an app "requires directly connected clients" is that it is based on UDP broadcast, something that can be done without a problem over GRE tunnels (broadcast forwarding via helper-address). You can also have multiple GRE tunnels or multipoint tunnels, even in meshed fashion, and IOS would guarantee the broadcasts are never replicated because it can use a special version of spanning tree protocol to do this!
You would have no NAT in this case and the applications would work.
Thank you for the help! Unfortunately the application was not developed by us and it was intended to work only in a bridged, not routed, environment. The other problem is that we do not have time to rewrite it (usual project management: no need to ask the IT about the impact of a change :-) ). The application is quite complicated (even has its own DHCP server etc.). Unfortunately I have to live with that and I have to try to configure our infrastructure accordingly. The GRE tunnel is a good idea, I thought about it as well. Unfortunately Linux does not allow the GRE tunnel interface to be in a bridge group. Presently we are testing a workaround (we put a Cisco router in front of the server to terminate the GRE tunnels so I can put them into a bridge group and we put one port connected to the server to the same group). I will have the test results tomorrow.
The helper-address is also a very good idea. I was focusing on creating a bridged environment, but it might be that routing broadcast traffic to the correct place will solve the problem. I will also test it tomorrow.
Bridging over GRE works. Both ends of the GRE tunnel are terminated on a Cisco router, IRB is configured, and the tunnel interface and the corresponding Ethernet port are set to the same bridge-group. I receive an IP from the Linux server without any problem and the application works as well. The next step will be to try to get rid of the built-in DHCP server and use the router as DHCP server (I don't know if I can do that in a bridged environment. Maybe I can use the BVI interface for that).
On Monday I will try the routed solution with the ip helper-address and ip forward-protocol commands.
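The setup reported in the last post (GRE terminated on a Cisco router at each end, IRB enabled, tunnel and Ethernet port in one bridge-group), sketched as an added example that is not the poster's configuration. Interface names, the bridge-group number and all addresses are assumptions; the public addresses come from documentation ranges.

```cisco
! Server-side router (assumed names and addresses). The remote-site
! router mirrors this with tunnel source and destination swapped.
!
! Enable integrated routing and bridging
bridge irb
!
! WAN interface that carries the GRE packets (assumed address)
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
!
! LAN port facing the Linux server: bridged, no IP of its own
interface FastEthernet0/1
 no ip address
 bridge-group 1
!
! GRE tunnel to one remote site, placed in the same bridge-group
! so Ethernet frames (including the application's broadcasts and
! DHCP) are carried across it. One such tunnel per remote site.
interface Tunnel0
 no ip address
 tunnel source FastEthernet0/0
 tunnel destination 203.0.113.1
 bridge-group 1
!
! Bridge group 1 runs IEEE spanning tree; IP is also routed
! through the BVI rather than only bridged.
bridge 1 protocol ieee
bridge 1 route ip
!
! Routed interface for the bridged segment (assumed subnet).
! This is the BVI the poster mentions as a possible place to
! attach router-side services such as DHCP.
interface BVI1
 ip address 192.168.10.254 255.255.255.0
```

GRE carries the bridged frames unencrypted, so over the Internet the tunnel is normally run inside IPsec.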