passing vlan traffic over a VPN

huwyhuwy123 · ‎11-11-2011

hi there,

I've been asked to setup a branch office with a cisco switched solution that matches the setup in head office.

The idea is that we can extend the voice, video and data vlans out to the branch office.

However I wasn't sure whether you can pass vlan traffic across a VPN? To complicate matters further the VPN will be formed between 2 watchguard firewalls.

Does anyone know if this is possible?

Cheers,

Al

Reza Sharifi · ‎11-11-2011

Al,

I would question why they want to extend existing vlans across WAN. In most case, that is not necessary. You just need to have 2 local subnets (one for voice and one for data) terminate the subnets on your branch office router and let the router/firewall route them over your VPN.

HTH

Marvin Rhoads · ‎11-12-2011

Possible - not exactly with what you imply is your setup - possibly it can be spoofed with some (non-trivial) effort.

Recommended - no. As Reza stated, routing is the preferred solution set here. There are lots of designs that would enable the business needs without trying to extend / replicate the VLANs.

Kishore Chennupati · ‎11-13-2011

Hi,

This is possible. The vlan traffic would just terminate on a L3 device at each end right? and the subnet would simply be routed across the VPN. So, in short its do-able. The vlan subnets would just become part of the interesting traffic.

HTH

Regards,

Kishore

huwyhuwy123 · ‎11-13-2011

ok thanks for the advice guys. It is much appreciated.