Same subnet on either side of site to site IPSec VPN

IHCowan · ‎01-21-2009

Hi Everyone,

I need to create a site-to-site IPSec VPN tunnel between 2 sites with layer 2 connectivity between the sites. That is, layer 2 broadcasts on one end of the tunnel will be seen on the other end.

Does the ASA5520 support this? If not, what Cisco routers/switches will provide this functionality?

Thanks in advance for your help. Ian.

Yudong Wu · ‎01-21-2009

Could you please explain why you need have this setup?

To my knowledge, Cisco Layer 2 VPN solution is just for carrier/ISP.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6557/ps6603/ps6646/prod_white_paper09186a00800a8442.html

IHCowan · ‎02-09-2009

Hi Kwu2,

Sorry for getting back to you so late.

A vendor is buliding a very large turnkey application for us that needs to be integrated into our network and communicate with existing devices on our network for acceptance testing during their build. They are located in another country. Once built, the system will be delivered to us.

There is a desire to:

- ensure the applications they are building can communicate at Layer 2 (ie. same broadcast domain) to systems currently at our location.

- keep the same IP addresses when the system is shipped to us.

We are not sure that this is an absolute requirement; we will find out in the upcoming weeks. But in the meantime we wanted to know if it was even possible (without getting too involved with our ISPs).

Thx, Ian.

P.S. Our Security Architect said he did this 8 years ago with Nortel VPN devices and is surprised to hear that it is not easy to do with Cisco gear.