  • Vlan to different network via tunnel

    Hi Everyone,
    A brief description of what I am trying to do - We have a network (let's call it the public network, vlan 100) which is not on our inside network (it's behind a router + ISA firewall). For disaster recovery purposes, we want to install servers on this network, at another site (let's call this the inside network, vlan 20). We don't want to do this by bringing the Vlan across, due to security implications, and also because the Public network is behind an ISA.

    I have been trying to set up a tunnel to bridge the 2. My idea is to set up vlan 100 on the inside network, with an IP on that network. I will have a Cisco 2800 series router hanging off the switch, on vlan 100 on one port, vlan 20 on the other, with a routable loopback interface.

    I will then have another Cisco 2800 series router hanging off the Public network, with 1 interface on vlan 100, and the other interface on a separate network (inside network, different vlan), again with a loopback interface. This was done as the ISA wasn't playing ball, blocking traffic, and we have got desperate, so are bypassing the ISA. We will only route tunnel traffic through this back door; everything else is routed the normal way through the ISA.


    Tunnel seems to be up, but I can't work out how to route tunnel traffic through the tunnel! Any chance anyone has any ideas?

    Cheers!


    Definitions:
    192.168.1.1 (Loopback int of router 1)
    192.168.2.1 (Loopback int of router 2)
    Vlan 100 (This is the Vlan that I want to tunnel to different network)
    Vlan 20 (This is the local vlan of the site where I want the server)
    192.168.100.132 (This is IP of the server I want to install)


    ROUTER 1:

    l2tp-class vlantunnel1
    authentication
    password passwordexample
    cookie size 8

    pseudowire-class vlantunnel1
    encapsulation l2tpv3
    protocol l2tpv3 vlantunnel1
    ip local interface Loopback0

    bridge irb
    !
    !
    !
    interface Loopback0
    ip address 192.168.1.1 255.255.255.255
    !
    interface FastEthernet0/0
    ip address bb.bb.bb.bb (used to talk to Public Net Router)
    duplex full
    speed 10
    !
    interface FastEthernet0/0.100
    encapsulation dot1Q 100
    no cdp enable
    xconnect 192.168.2.1 1 pw-class vlantunnel1

    interface FastEthernet0/1
    ip address aa.aa.aa.aa (inside network ip address used to talk bypass isa)
    duplex auto
    speed auto
    !
    ip default-gateway 192.168.100.254 (gateway of vlan 100)
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 aa.aa.aa.aa (This is the gateway of fa0/0 address' network)
    ip route 192.168.100.0 255.255.255.0 bb.bb.bb.bb
    ip route 192.168.100.132 255.255.255.255 192.168.2.1 (This is the server I want off site - this route is what I don't think is right)

    bridge 1 protocol ieee



    ROUTER 2:

    l2tp-class vlantunnel1
    authentication
    password passwordexample
    cookie size 8

    pseudowire-class vlantunnel1
    encapsulation l2tpv3
    protocol l2tpv3 vlantunnel1
    ip local interface Loopback0

    interface Loopback0
    ip address 192.168.2.1 255.255.255.255
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.100
    encapsulation dot1Q 100
    no cdp enable
    xconnect 192.168.1.1 1 pw-class vlantunnel1
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address cc.cc.cc.cc (IP of local LAN, routable, and talking to network)
    !
    ip default-gateway dd.dd.dd.dd (IP of vlan 20's default gateway)
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 dd.dd.dd.dd

    bridge 1 protocol ieee

  • #2
    Re: Vlan to different network via tunnel

    I'm not sure... but what about using a GRE tunnel between sites???


    • #3
      Re: Vlan to different network via tunnel

      Hi,
      All sorted now after a bit of direction. I was almost there, just a couple of bits changed and it works!

      I now have a vlan in a remote location / network, with full connectivity, just as if I was connected locally.

      Reason I need this is that the vlan I wanted remotely is actually in a DMZ, not the inside network, but I want to host a server at a remote site for DR purposes.


      The config I used is below in case anyone else needs this. You just do the same at both ends - and for the xconnect, just set this to the other end's IP.


      l2tp-class tunnel_name
      authentication
      password password_here
      cookie size 8

      pseudowire-class tunnel_name
      encapsulation l2tpv3
      protocol l2tpv3 tunnel_name
      ip local interface FastEthernet0/1
      ip pmtu

      bridge irb

      interface FastEthernet0/0
      description Vlan_Wanted
      no ip address
      duplex auto
      speed auto
      no cdp enable
      xconnect ip_of_other_end 1 encapsulation l2tpv3 pw-class tunnel_name

      interface FastEthernet0/1
      description Routable_address_int
      ip address Routable_address
      duplex auto
      speed auto

      ip default-gateway local_gateway
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 local_gateway

      bridge 1 protocol ieee
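The working config above (and the two partial ones in the opening post) depend on both ends agreeing: the xconnect peer on each router must be the other router's `ip local interface` address, the VC id (the `1` after the peer) must match, the pw-class must point at an l2tp-class with authentication and a cookie, and `ip pmtu` avoids silent loss of large bridged frames. The checker below is an added example written for this thread, not Cisco code and not something either poster ran: it parses two IOS-style configs with a simple line-based heuristic (a line with no leading space starts a block, indented lines belong to it), audits each side, cross-checks the pair, and flags that an L2TPv3 pseudowire carries the bridged VLAN in cleartext. The two sample configs are constructed from the post's placeholders, using 198.51.100.1/.2 from the documentation range in place of `Routable_address` and `ip_of_other_end`.

```python
"""Paired-config checker for Cisco IOS L2TPv3 xconnect pseudowires.

Added example; not Cisco code. The parser is a line-based heuristic and
the sample configs are constructed (documentation-range IPs)."""
import re

XCONNECT = re.compile(r"^xconnect (\S+) (\d+)(?: encapsulation l2tpv3)? pw-class (\S+)$")
CLEARTEXT_NOTE = ("info: L2TPv3 carries the bridged VLAN frames in cleartext; "
                  "authentication and the cookie resist spoofed packets, not "
                  "eavesdropping on the transport path")

# Constructed config modelled on the working one in the post above.
ROUTER_A = """
l2tp-class tunnel_name
 authentication
 password password_here
 cookie size 8
pseudowire-class tunnel_name
 encapsulation l2tpv3
 protocol l2tpv3 tunnel_name
 ip local interface FastEthernet0/1
 ip pmtu
interface FastEthernet0/0
 description Vlan_Wanted
 no ip address
 xconnect 198.51.100.2 1 encapsulation l2tpv3 pw-class tunnel_name
interface FastEthernet0/1
 description Routable_address_int
 ip address 198.51.100.1 255.255.255.0
"""
# The far end: same config with the two addresses swapped.
ROUTER_B = (ROUTER_A.replace("198.51.100.2", "PEER")
            .replace("198.51.100.1", "198.51.100.2").replace("PEER", "198.51.100.1"))
# A deliberately weak far end: shorter cookie and a VC id that does not match A's.
ROUTER_B_WEAK = (ROUTER_B.replace("cookie size 8", "cookie size 4")
                 .replace("198.51.100.1 1 ", "198.51.100.1 2 "))


def parse_blocks(config):
    """Map each top-level line ('interface X', 'l2tp-class Y') to its indented lines."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] not in " \t":
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks


def local_ip(blocks, ifname):
    """IPv4 address configured on an interface, or None."""
    for line in blocks.get(f"interface {ifname}", []):
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            return m.group(1)
    return None


def audit_one(config):
    """Return (findings, [(peer_ip, vc_id, local_source_ip), ...]) for one router."""
    blocks, findings, pws = parse_blocks(config), [], []
    for header, lines in blocks.items():
        if not header.startswith("interface "):
            continue
        for m in filter(None, map(XCONNECT.match, lines)):
            peer, vc_id, pw_name = m.group(1), int(m.group(2)), m.group(3)
            pw = blocks.get(f"pseudowire-class {pw_name}")
            if pw is None:
                findings.append(f"{header}: pw-class {pw_name} is not defined")
                continue
            if "encapsulation l2tpv3" not in pw:
                findings.append(f"pseudowire-class {pw_name}: missing 'encapsulation l2tpv3'")
            if "ip pmtu" not in pw:
                findings.append(f"pseudowire-class {pw_name}: no 'ip pmtu'; large frames may be dropped")
            l2tp = next((l.split()[2] for l in pw if l.startswith("protocol l2tpv3 ")), None)
            cls = blocks.get(f"l2tp-class {l2tp}") if l2tp else None
            if cls is None:
                findings.append(f"pseudowire-class {pw_name}: l2tp-class {l2tp!r} is not defined")
            else:
                if "authentication" not in cls or not any(l.startswith("password") for l in cls):
                    findings.append(f"l2tp-class {l2tp}: control-channel authentication/password not set")
                cookie = next((int(l.split()[2]) for l in cls if l.startswith("cookie size ")), 0)
                if cookie < 8:
                    findings.append(f"l2tp-class {l2tp}: cookie size {cookie}; use 8 so data packets are harder to spoof")
            src_if = next((l.split()[3] for l in pw if l.startswith("ip local interface ")), None)
            src_ip = local_ip(blocks, src_if) if src_if else None
            if src_ip is None:
                findings.append(f"pseudowire-class {pw_name}: 'ip local interface' {src_if} has no IP address")
            pws.append((peer, vc_id, src_ip))
    return findings, pws


def audit_pair(config_a, config_b):
    """Audit both routers and check that their xconnects point at each other with the same VC id."""
    fa, pa = audit_one(config_a)
    fb, pb = audit_one(config_b)
    findings = [f"A: {f}" for f in fa] + [f"B: {f}" for f in fb]
    for side, mine, theirs in (("A", pa, pb), ("B", pb, pa)):
        other = "B" if side == "A" else "A"
        for peer, vc, src in mine:
            if not any(p == src and v == vc for p, v, _ in theirs):
                findings.append(f"{side} xconnect {peer} vc {vc}: no xconnect on {other} toward {src} with the same VC id")
    if pa and pb:
        findings.append(CLEARTEXT_NOTE)
    return findings


if __name__ == "__main__":
    for label, cfg_b in (("good pair", ROUTER_B), ("weak pair", ROUTER_B_WEAK)):
        print(f"== {label} ==")
        print("\n".join(audit_pair(ROUTER_A, cfg_b)) or "no findings")
```

Run it as-is and the good pair yields only the cleartext note, while the weak pair also reports the 4-byte cookie and the VC id mismatch in both directions, which is the symptom you would see as a pseudowire that never comes up. The cleartext note is the point to keep in mind for the DMZ-to-DR scenario: L2TPv3 extends the VLAN but does not encrypt it, so the path between the two routable addresses needs to be trusted or wrapped in IPsec.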
