
VPN with ether switch module, zone firewall

suthomas1
Level 6

Hi,

A 2811 router has an ether service module in the router.

The internet-1 interface is to be used as the LAN-to-LAN VPN interface. A zone-based firewall will also be used in this.

The ether service module will have application hosts connected.

These application hosts have to be available via VPN when a remote user connects via site-to-site VPN over the isp-1 interface to these applications.

Will it work if VLAN 15 (gig0/2/0) of the router is connected to the ether service module, in which the hosts will be?

I have posted a starting configuration. Please help if the configuration will work and suggest corrections.

Thanks in advance.

1 Accepted Solution


fadlouni
Level 1

Hi.

It will work, but you have configured gig0/2/0 in an indirect way.


interface GigabitEthernet0/2/0
 description lan to lan vpn
 switchport access vlan 15
 switchport trunk native vlan 15
 switchport mode trunk

interface Vlan15
 description lan to lan vpn
 ip address 10.12.14.1 255.255.248.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security VPN

You configured gig0/2/0 to be a trunk, trunking all VLANs, with native VLAN 15. That means any non-dot1q/ISL-tagged packets will belong to VLAN 15. However, since you're not using other VLANs on the router, why make gig0/2/0 a trunk and not simply an access port?

Unless you want to add other interface Vlans later on the router to use other VLANs, I don't see why this is needed.

But in short, yes, this should work (of course if the vpn and firewall configuration sections allow it).

Regards,

Fadi.
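
As an added example (not part of the original thread and not the poster's own tooling), here is a small Python check that parses IOS-style interface stanzas and flags the case described in the answer above: a port in trunk mode whose native VLAN is the router's only VLAN interface. The function names, the trimmed sample config, and the parsing assumption that a stanza ends at a blank line or `!` are this example's own.

```python
import re

# Constructed sample based on the two stanzas quoted in the answer.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2/0
 description lan to lan vpn
 switchport access vlan 15
 switchport trunk native vlan 15
 switchport mode trunk
!
interface Vlan15
 ip address 10.12.14.1 255.255.248.0
 zone-member security VPN
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif not line or line == "!":
            current = None  # assumed stanza terminators
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def unnecessary_trunks(config):
    """Flag trunk ports whose native VLAN is the router's only SVI."""
    ifs = parse_interfaces(config)
    svis = {int(m.group(1)) for name in ifs
            if (m := re.fullmatch(r"vlan\s*(\d+)", name, re.I))}
    findings = []
    for name, cmds in ifs.items():
        if "switchport mode trunk" not in cmds:
            continue
        native = 1  # IOS default native VLAN when none is configured
        for cmd in cmds:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
            if m:
                native = int(m.group(1))
        if svis == {native}:  # no other routed VLAN needs the trunk
            findings.append((name, native))
    return findings

if __name__ == "__main__":
    print(unnecessary_trunks(SAMPLE_CONFIG))
```

A flagged port is a candidate for `switchport mode access` with `switchport access vlan` set to the reported VLAN, unless more VLAN interfaces are planned on the router.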
