10-21-2010 06:51 AM
We have a situation where we must cluster 2 enterprise servers that are geographically separated. The clustering software will only work if one of the connections on both servers are on the same network segment. I've been told by the vendor that this was accomplished in the past via a VLAN. Is it possible to send a VLAN via an encrypted IPSEC VPN using an ASA 5510? If so, how is it accomplished and how would that address be advertised out? I know this is a bit of a complicated question, so thanks in advance for the effort.
10-21-2010 09:22 AM
It's not possible. A VLAN is defined on layer 2; an IPsec tunnel encrypts IP packets, and so works from layer 3. You need switching technology for this, like dark fibre, or EoMPLS if you have an MPLS connection between your sites. You could look into L2TP, which might be able to do what you need, but I believe it's not available in the new ASA versions >7.x
10-21-2010 07:26 AM
Charles,
It does sound a bit odd. I don't really understand the phrase "one of the connections on both servers are on the same network segment".
Does it mean that the client needs to keep a connection with the servers on the local subnet for the server (directly connected network), or do both need to keep a session with each other, or both with a client... can you elaborate?
Regarding VLAN assignment, what you can do on the ASA is to specify a VLAN for egress packets:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1549174
Marcin