09-10-2023 10:25 AM
Hello everyone,
I have an HQ network with an FPR 9K connected via Site-to-Site VPN to a branch office ASA5506.
Currently, the protected VLAN2010 is a single VLAN and I wanted to add a second VLAN to this VPN tunnel.
Upon adding the new VLAN2020, the branch no longer acquired an IP address from HQ VLAN2010.
HQ (FPR9k) ------ S2S ------ OB (ASA) -- L2 Switch
Would it be possible to add the second VLAN2020 to the tunnel, or do I need a new topology using hub and spoke?
Any advice?
09-10-2023 10:52 AM - edited 09-10-2023 11:04 AM
@Serpent2010 you will need to modify the existing VPN topology to include the second network.
On the FTD configuration you add an additional protected network (an object that represents the VLAN 2020 network), and on the ASA you need to amend the crypto ACL for the VPN to the FPR9K.
09-10-2023 01:52 PM
Thanks for the reply,
So, I do not need an L3 switch in order to achieve this, correct?
09-10-2023 01:56 PM
@Serpent2010 you'll need the VLANs configured on the local switches, which will then route traffic to the firewalls, plus the aforementioned modifications to the VPN configuration.
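For illustration, the branch-side ASA change the answer describes, written here as an added example rather than configuration taken from the thread; the object names, subnets, crypto map name and peer address are constructed placeholders, and the FTD side must carry the mirror-image protected networks.

```cisco
! Added example (not from the thread): branch ASA side of adding HQ VLAN2020 to the tunnel.
! Constructed placeholders: HQ VLAN2010 = 10.20.10.0/24, HQ VLAN2020 = 10.20.20.0/24,
! branch LAN = 192.168.50.0/24, HQ peer = 203.0.113.10. Substitute your own values.
!
object network HQ-VLAN2010
 subnet 10.20.10.0 255.255.255.0
object network HQ-VLAN2020
 subnet 10.20.20.0 255.255.255.0
object network BRANCH-LAN
 subnet 192.168.50.0 255.255.255.0
!
! Crypto ACL: the existing line covers VLAN2010; the second line adds VLAN2020.
! On the FTD, the protected-network list must be the exact mirror of this ACL
! (branch LAN <-> each HQ network) or the new network will not match the tunnel.
access-list VPN-TO-HQ extended permit ip object BRANCH-LAN object HQ-VLAN2010
access-list VPN-TO-HQ extended permit ip object BRANCH-LAN object HQ-VLAN2020
!
! Identity (no-NAT) rule so traffic to the new HQ network is not translated before
! it is evaluated against the crypto ACL; mirrors what VLAN2010 already needs.
nat (inside,outside) source static BRANCH-LAN BRANCH-LAN destination static HQ-VLAN2020 HQ-VLAN2020 no-proxy-arp route-lookup
!
! Existing crypto map entry that references the ACL (shown for context only).
crypto map OUTSIDE_MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
!
! Verification after the change: a second IPsec SA pair for the new network should
! appear, and packet-tracer should report the flow as encrypted by the VPN.
! show crypto ipsec sa peer 203.0.113.10
! packet-tracer input inside icmp 192.168.50.10 8 0 10.20.20.10
```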