10-22-2013 07:37 AM
Hi,
I need another definite answer. Is it possible to route any subnet over a VPN between two sites, or only the networks specified on the VPN tunnel? Using firewall policies we could in fact specify multiple subnets to allow to traverse between the termination points on the tunnel. How should I understand, from that perspective, the concept in the firewall setup of specifying the interface and the source and destination?
Andrew
10-28-2013 10:36 AM
Hi Andrew, thank you for using our forum. My name is Luis and I am part of the Small Business Support community. I think you are a little bit confused with those protocols. A VPN is a connection between two endpoints in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This tunnel establishes a private network that can send data securely by using industry-standard encryption and authentication techniques to secure the data sent. In addition, the connection is between the two subnets that you specified.
And the firewall controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not.
I hope you find this answer useful.
Greetings,
Luis Arias.
Cisco Network Support Engineer.
10-28-2013 11:17 AM
Arias,
Thank you for this info. My problem was related to splitting VLAN traffic (2, 4, 8) over multiple VPN (IPsec) tunnels. That has been accomplished, as long as the VPN tunnels, each of which binds a pair of VLANs, start/terminate on the same WAN port interface (WAN or DMZ) on the RV320. A VPN tunnel has a predefined source/destination IP subnet; you cannot assign multiple subnets, only a single pair. Multiple VPN tunnels are therefore required. In my case no inter-VLAN routing is allowed. I tried to run it over different WAN interfaces pointing to different sites, and that is causing problems.
The solution is supernetting your internal private network so that a single IKE policy accepts "all VLANs" regardless of the destination network, and the routing is done exclusively over the "matching" VPN tunnel source/destination subnets. I have a hub-and-spoke architecture to implement. The split between networks is 100% locking out any cross-VLAN leakage: you must reside in the particular VLAN in site A to access the matching remote VLAN in site B, no other than the one pair for multiple locations. So far it works; I am introducing one at a time, and I will see how many is too many... Thank you for the support. I might get back to you for more, hey, you never know.
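The design Andrew describes (one IPsec tunnel per VLAN pair, a single supernet-wide IKE/firewall policy, and isolation enforced purely by which local/remote subnet pair a flow matches) can be sanity-checked before the tunnels are built. The script below is an added example written for this thread; it is not Cisco or RV320 code and it does not talk to the router. The addressing (VLAN n at site A as 10.1.n.0/24, at site B as 10.2.n.0/24, an overall 10.0.0.0/8 supernet) and the tunnel names are constructed for illustration, and the functions model the "encrypt only when source is in the tunnel's local subnet and destination is in its remote subnet" selection rule, which is the behaviour the post relies on. It also includes a deliberately wrong table with a catch-all /16 pair, to show how an overlapping selector would open a cross-VLAN path.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the example (not from the thread): VLAN n at
# site A is 10.1.n.0/24 and at site B is 10.2.n.0/24. Each tunnel carries
# exactly one local/remote subnet pair, as the post says the RV320 requires.
TUNNELS = {
    "vlan2-A-B": ("10.1.2.0/24", "10.2.2.0/24"),
    "vlan4-A-B": ("10.1.4.0/24", "10.2.4.0/24"),
    "vlan8-A-B": ("10.1.8.0/24", "10.2.8.0/24"),
}

# A deliberately wrong variant: a catch-all /16 pair next to a per-VLAN pair.
BAD_TUNNELS = {
    "all-A-B": ("10.1.0.0/16", "10.2.0.0/16"),
    "vlan2-A-B": ("10.1.2.0/24", "10.2.2.0/24"),
}


def build_selectors(tunnels):
    """Parse the (local, remote) subnet strings into network objects."""
    return {name: (ip_network(local), ip_network(remote))
            for name, (local, remote) in tunnels.items()}


def select_tunnel(selectors, src, dst):
    """Return the name of the tunnel whose local/remote pair covers src->dst,
    or None when no tunnel matches (the flow is then not sent over IPsec).
    Raises if more than one tunnel claims the flow; the design must avoid that."""
    s, d = ip_address(src), ip_address(dst)
    matches = [name for name, (local, remote) in selectors.items()
               if s in local and d in remote]
    if len(matches) > 1:
        raise ValueError(f"ambiguous tunnel selection for {src}->{dst}: {matches}")
    return matches[0] if matches else None


def find_overlaps(selectors):
    """List tunnel pairs whose selectors overlap on both the local and the
    remote side; such pairs make flow-to-tunnel selection ambiguous."""
    names = list(selectors)
    overlaps = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            local_a, remote_a = selectors[a]
            local_b, remote_b = selectors[b]
            if local_a.overlaps(local_b) and remote_a.overlaps(remote_b):
                overlaps.append((a, b))
    return overlaps


def leakage_report(selectors):
    """Probe one host of every tunnel's local subnet against one host of every
    other tunnel's remote subnet. Any probe that still finds a tunnel is a
    cross-VLAN path the design was supposed to block."""
    leaks = []
    for a, (local_a, _) in selectors.items():
        for b, (_, remote_b) in selectors.items():
            if a == b:
                continue
            src = str(next(local_a.hosts()))
            dst = str(next(remote_b.hosts()))
            carried_by = select_tunnel(selectors, src, dst)
            if carried_by is not None:
                leaks.append((src, dst, carried_by))
    return leaks


def policy_covers(supernet, selectors):
    """True when one IKE/firewall policy for `supernet` covers every tunnel
    selector, so a single policy can admit all VLANs while the per-tunnel
    subnet pairs still decide which traffic is actually carried."""
    net = ip_network(supernet)
    return all(local.subnet_of(net) and remote.subnet_of(net)
               for local, remote in selectors.values())


if __name__ == "__main__":
    good = build_selectors(TUNNELS)
    print("overlaps:", find_overlaps(good))
    print("cross-VLAN leaks:", leakage_report(good))
    print("10.1.2.10 -> 10.2.2.20:", select_tunnel(good, "10.1.2.10", "10.2.2.20"))
    print("10.1.2.10 -> 10.2.4.20:", select_tunnel(good, "10.1.2.10", "10.2.4.20"))
    print("one 10.0.0.0/8 policy covers all pairs:", policy_covers("10.0.0.0/8", good))
    bad = build_selectors(BAD_TUNNELS)
    print("bad overlaps:", find_overlaps(bad))
    print("bad cross-VLAN leaks:", leakage_report(bad))
```

For the per-VLAN table the leak report is empty and a flow from VLAN 2 at site A to VLAN 4 at site B matches no tunnel, which is the "no other but one pair" property the post wants; the supernet check confirms that a single 10.0.0.0/8 policy can sit in front of all three tunnels. For the bad table the /16 pair both overlaps the VLAN 2 pair and silently carries VLAN 2 to VLAN 4 traffic, so adding a broad "all VLANs" tunnel selector alongside the per-VLAN ones would undo the isolation.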