12-22-2010 09:07 AM - edited 03-11-2019 12:26 PM
Hi,
A 2811 router has an ether service module in the router.
The internet-1 interface is to be used as the LAN-to-LAN VPN interface. Zone-based firewall will also be used in this.
The ether service module will have application hosts connected.
These application hosts have to be available via VPN when a remote user connects via site-to-site VPN over the isp-1 interface to these applications.
Will it work if VLAN 15 (gig0/2/0) of the router is connected to the ether service module, in which the hosts will be?
I have posted a starting configuration. Please help if the configuration will work and suggest corrections.
Thanks in advance.
01-01-2011 11:54 PM
Hi.
It will work, but you have configured the gig0/2/0 in a not direct way.
interface GigabitEthernet0/2/0
 description lan to lan vpn
 switchport access vlan 15
 switchport trunk native vlan 15
 switchport mode trunk
interface Vlan15
 description lan to lan vpn
 ip address 10.12.14.1 255.255.248.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security VPN
You configured gig0/2/0 to be a trunk, trunking all VLANs, with native VLAN 15. That means any non-dot1q/ISL-tagged packets will belong to VLAN 15. However, since you're not using other VLANs on the router, why make gig0/2/0 a trunk and not simply an access port?
Unless you want to add other interface Vlans later on the router to use other VLANs, I don't see why this is needed.
But in short, yes, this should work (of course, if the VPN and firewall configuration sections allow it).
Regards,
Fadi.
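A small config check for the pattern the answer points out, added here as an example and not code from the thread or from Cisco: it flags a port left in trunk mode when only one VLAN is routed on the box. The function names are hypothetical, the sample is the quoted stanza (trimmed), and it assumes sub-commands are indented under each interface line.

```python
import re

# Constructed sample: the interface stanzas quoted in the answer, trimmed.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2/0
 description lan to lan vpn
 switchport access vlan 15
 switchport trunk native vlan 15
 switchport mode trunk
interface Vlan15
 description lan to lan vpn
 ip address 10.12.14.1 255.255.248.0
 zone-member security VPN
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_switchports(config):
    """Flag trunk ports that, per this config, only ever carry one VLAN."""
    interfaces = parse_interfaces(config)
    svis = {int(n[4:]) for n in interfaces if re.fullmatch(r"Vlan\d+", n)}
    findings = []
    for name, cmds in interfaces.items():
        if "switchport mode trunk" not in cmds:
            continue
        native = next((int(c.split()[-1]) for c in cmds
                       if c.startswith("switchport trunk native vlan ")), 1)
        if any(c.startswith("switchport access vlan ") for c in cmds):
            findings.append((name, "access VLAN set but unused in trunk mode"))
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append((name, "trunk carries all VLANs (no allowed list)"))
        if svis == {native}:
            findings.append((name, f"only VLAN {native} is routed; use an access port"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_switchports(SAMPLE_CONFIG):
        print(f"{port}: {issue}")
```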