Site-to-Site Bridged VPN Between 2 Cisco Devices

infosateng

Hello

Is it possible to have a Bridged VPN between 2 Cisco Routers or Firewalls? If so, I would be grateful if I could have a configuration example.

Many Thanks


Hi,

What exactly do you mean by a bridge VPN connection between two devices?

Please provide more details, thank you.

Federico.

Hello

I have a number of VLANs at one location and need to have the same VLANs at another location. Basically, both using the same subnets with no routing in between.

Thanks

Do you have a requirement for IPsec (does the VPN have to be an IPsec VPN)?

I assume that both locations are separated by a WAN? (or just want to protect traffic internally)?

I know that there are methods like L2TPv3 or QinQ to propagate VLAN information across a WAN.

I believe that creating a GRE/IPsec between two remote routers could carry this information.

Federico.

The connection is through the internet, so which would be the most secure?

If the connection is over the internet then IPsec is the recommended option because it provides encryption.

I don't think you can use IPsec alone because it encrypts only IP and unicast packets.

If you use GRE, it can encapsulate other protocols and traffic, and the unicast GRE packets can then be protected using IPsec.

Federico.

Thanks

Do you have a configuration example of GRE with the same VLANs at both ends?

This is a link on how to configure GRE protected by IPsec to be able to pass non-IP traffic.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

However, I'm not sure if it's what you need because I don't see an example on how to pass VLAN information across.

This link explains L2TPv3 that is one way to propagate VLAN information across a WAN:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html

Federico.

Thanks for the information Federico

We can set up GRE over IPsec, but I need a config that will allow VLAN bridging to take place.

Here is the scenario:

Vlan911---switch---trunk---e1 on VPN routerA----e0 --Internet-----e0 on VPN routerB---e1---trunk--switch--vlan911

I want to be able to bridge VLAN 911.

GRE will allow you to pass virtually all sorts of traffic via a tunnel between two sites over the internet and can have the additional protection of IPsec.

However, as I said I don't see much information about bridging over GRE.

I think that you'll be better off with an L2TPv3 configuration between both sites to be able to bridge VLAN information over the internet and across this tunnel.

If there's no need for encryption, then there's no need for using GRE and securing it with IPsec.

Check the L2TPv3 configuration that I sent you.

Federico.
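
An added configuration sketch, not posted by anyone in this thread: the VLAN 911 scenario above bridged with an L2TPv3 pseudowire, with the pseudowire protected by IPsec because L2TPv3 itself does not encrypt the frames it carries. Only router A is shown (router B mirrors it); all addresses, names and the key string are constructed placeholders, and it assumes an IOS release and platform that support `xconnect` on a dot1Q subinterface and the listed algorithms, plus an existing default route out of Ethernet0.

```cisco
! Added example, router A only. Constructed placeholder values:
!   198.51.100.1 = A's Internet address (e0), 203.0.113.1 = B's Internet address
!   192.0.2.1 / 192.0.2.2 = Loopback0 on A / B (L2TPv3 endpoints)
!   <PRE-SHARED-KEY> = placeholder, replace with a long random secret
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
crypto ipsec transform-set L2TP-ESP esp-aes 256 esp-sha256-hmac
!
! Interesting traffic: only L2TPv3 (IP protocol 115) between the loopbacks.
access-list 115 permit 115 host 192.0.2.1 host 192.0.2.2
!
crypto map WAN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set L2TP-ESP
 match address 115
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Pseudowire template: L2TPv3 encapsulation sourced from the loopback.
pseudowire-class PW-VLAN911
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface Ethernet0
 description Internet-facing (e0 in the scenario)
 ip address 198.51.100.1 255.255.255.0
 crypto map WAN-MAP
!
! Trunk side (e1 in the scenario): VLAN 911 frames are cross-connected
! to router B's loopback; no IP address here, so nothing is routed.
interface Ethernet1.911
 encapsulation dot1Q 911
 xconnect 192.0.2.2 911 pw-class PW-VLAN911
```

After both ends are configured, `show l2tun session` should list the VLAN 911 session and `show crypto ipsec sa` should show encrypted packet counters increasing; if the counters stay at zero while the session is up, the pseudowire is crossing the internet in clear text. The combined L2TPv3 and ESP overhead reduces the usable MTU, so full-size frames from VLAN 911 may be fragmented or dropped unless the path MTU is accounted for.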