Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN on vlan

Dear All expert,

I need you to advice me on VPN on vlan.....

Please see in the attach file.

let me tell you on my diagram i would like to do that all the branch use VPN and connect to HQ( and the HQ had core switch 3560 and Cisco Router 1841)..

i mean on HQ router want to do intervlan

Best Regards,



Re: VPN on vlan


Instead of extending the VLAN's to remotes sites, create different vlan's for remote sites, create the IP addressing schema for remote sites.

Also we assume thatm you don't require NAT here..

1.You can do intervlan routing on Catalyst 3560, or make Cisco 1841 router also to do intervlan routing.

2.Put static routes to remote sites on Cisco 1841 at HQ, & default static routes on branch sites.

3.Create 2 different isakmp policies on Cisco 1841 for 2 sites, and also create the mirror of those policies on corresponding branch sites.

4.Use preshare authentication as only 2 sites are there.

5.Create transform set esp-des esp-md5-hmac

6.Create crypto map, set the peer & access-list

7.Create 2 different access-lists for 2 sites to match the traffic to be encrypted.

8.Apply the crypto map to WAN interface

HTH...rate if hekpful..

CreatePlease to create content