Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1279
Views
4
Helpful
3
Replies

VLAN's over internet/IPSec Tunnel

Fraser Reid
Level 1
Level 1

‎10-19-2005 02:45 AM - edited ‎03-03-2019 10:45 AM

Hi All !

I have a problem.

I have trunked 5 VLANS from various sites over sattelite and have them all ending on a hub router ,

but my difficulty now is in getting them sent to the HQ over the internet.

I have thought about only 2 ways of possibly being able to do this

1. Get a leased Line :-)

2. and the only feasable alternative ! is to get the VLANs sent per IPSec over the internet but this is my problem....

How do I get a packet from a VLAN into an IPSec tunnel and vice versa ?

What equipment would I need ? (more switches/routers)

Do I need 1 IPSec tunnel for each VLAN to keep them separate from each other ?

Can someone please help.

Labels:
16381-Test.VSD
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-19-2005 05:56 AM

Fraser

Your drawing suggests that you are thinking about trying to do 5 separate IPSec tunnels from the remote router to the central router. I do not believe that you can do multiple separate tunnels between the same two peer routers.

I have a question about what your real requirements are. Do you really need to get the 5 VLANs to HQ (as separate VLANs) or do you need to get the traffic from the remotes to HQ?

I think it is very problematic to try to get the VLANs separately to HQ. One way to understand VLANs is that a VLAN is essentially a broadcast domain. It is problematic to try to extend a broadcast domain over an Internet connection. It is usually much better to terminate the VLAN at the edge of the cloud and to route over the Internet to establish connectivity between the remote end stations and the HQ.

HTH

Rick

HTH

Rick

attrgautam
Level 5
Level 5
In response to Richard Burts

‎10-19-2005 06:02 AM

Hi

If you want to extend the LAN or VLAN end to end you could look at whether your SP can do an AToM or L2TPv3.

Regds

0 Helpful

Fraser Reid
Level 1
Level 1
In response to Richard Burts

‎10-19-2005 06:49 AM

Hi Rick,

What I need to do is just keep the traffic separated in any way until it gets to the HQ.

All Remote sites have 5 VLANs.

but VLAN 2 from site 1 is not allowed to speak with any other VLAN from any other site until it gets back to HQ.

so the VLAN traffic has to be completely separate until it has reached HQ.

what I was thinking about (but did not get to work) was just by using IP addresses from the different VLAN subnets with ACL's to keep the data separate on the Hub router in the middle of the sketch before sending it all as 1 data stream over an IPSec tunnel.

Any advances on this thought ?

Thanks

Fraser

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card