https://community.cisco.com/t5/network-security/vpn-with-ether-switch-module-zone-firewall/m-p/1627845#M586614 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>It will work, but you have configured the gig0/2/0 in a not direct way.</P><P><BR />interface GigabitEthernet0/2/0<BR />description lan to lan vpn <BR />switchport access vlan 15 <BR />switchport trunk native vlan 15 <BR />switchport mode trunk</P><P></P><P>interface Vlan15 <BR />description lan to lan vpn<BR /> ip address 10.12.14.1 255.255.248.0 <BR />ip nat inside <BR />ip virtual-reassembly in <BR />zone-member security VPN</P><P></P><P>you configured gig0/2/0 to be a trunk trunking all vlans, with native vlan 15. that means any non dot1q/isl tagged packets will belong to vlan 15. however since you're not using other vlans on the router then why make gig0/2/0 a trunk and not simply an access port?.</P><P></P><P>unless you want to add other interface Vlans later on the router to use other vlans i don't see why this is needed?</P><P></P><P>But in short, yes, this should work (of course if the vpn and firewall configuration sections allow it).</P><P></P><P>Regards,</P><P>Fadi.</P></BODY></HTML> Sun, 02 Jan 2011 07:54:34 GMT fadlouni 2011-01-02T07:54:34Z https://community.cisco.com/t5/network-security/vpn-with-ether-switch-module-zone-firewall/m-p/1627844#M586613 <P></P><P>Hi,</P><P></P><P>A 2811 router has an ether service module in router.</P><P>internet-1 interface is to be used as lan to lan vpn interface.zone based firewall will also be used in this.</P><P></P><P>the ether service module will have application hosts connected.</P><P>these application hosts has to be available via vpn when remote user connects via site to site vpn over isp-1 interface to these applications.</P><P></P><P>will it work if vlan 15 ( gig0/2/0 ) of router is connected to ether service module , in which hosts will be there.</P><P></P><P>i have posted a starting configuration . please help if the configuration will work &amp; suggest corrections.</P><P></P><P>thanks in advance.</P><P></P><DIV> </DIV><P></P> Mon, 11 Mar 2019 19:26:30 GMT https://community.cisco.com/t5/network-security/vpn-with-ether-switch-module-zone-firewall/m-p/1627844#M586613 suthomas1 2019-03-11T19:26:30Z https://community.cisco.com/t5/network-security/vpn-with-ether-switch-module-zone-firewall/m-p/1627845#M586614 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>It will work, but you have configured the gig0/2/0 in a not direct way.</P><P><BR />interface GigabitEthernet0/2/0<BR />description lan to lan vpn <BR />switchport access vlan 15 <BR />switchport trunk native vlan 15 <BR />switchport mode trunk</P><P></P><P>interface Vlan15 <BR />description lan to lan vpn<BR /> ip address 10.12.14.1 255.255.248.0 <BR />ip nat inside <BR />ip virtual-reassembly in <BR />zone-member security VPN</P><P></P><P>you configured gig0/2/0 to be a trunk trunking all vlans, with native vlan 15. that means any non dot1q/isl tagged packets will belong to vlan 15. however since you're not using other vlans on the router then why make gig0/2/0 a trunk and not simply an access port?.</P><P></P><P>unless you want to add other interface Vlans later on the router to use other vlans i don't see why this is needed?</P><P></P><P>But in short, yes, this should work (of course if the vpn and firewall configuration sections allow it).</P><P></P><P>Regards,</P><P>Fadi.</P></BODY></HTML> Sun, 02 Jan 2011 07:54:34 GMT https://community.cisco.com/t5/network-security/vpn-with-ether-switch-module-zone-firewall/m-p/1627845#M586614 fadlouni 2011-01-02T07:54:34Z