TOPIC: Site to Site VPN and Vlans

Site to Site VPN and Vlans 6 years 3 months ago #34695

  • acdc
Hello All

I was wondering if someone could tell me if this is possible

We have an ASA5510 connected to an ASA5505 over an IPsec STS VPN.

Within our network we have 3 wireless vlans (one being a guest network), and we want to get these wireless vlans within the remote site.

Is this possible to do over the site to site link?

Re: Site to Site VPN and Vlans 6 years 3 months ago #34699

  • skepticals
Shouldn't be a problem. I would need a little bit more info. Are you going to have the same VLANs at both sides? Or do you just need the 3 VLANs to have access to the remote site? You just need to configure routes to the other side.

Re: Site to Site VPN and Vlans 6 years 3 months ago #34706

  • Chris
skepticals, I think they simply want to route these wireless networks access the remote site - or at least that's what I understand.


acdc, here's what you need to do on each end:

1) Create a static nat mapping, ensuring these networks are NOT being nat'ed from the asa firewall on the site they exist:

e.g. assume the wireless networks are 192.168.1.0/24 & 192.168.2.0/24

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

static (inside,outside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

2) On the ASA where these networks exist, you'll have an access list where you specify the tunnelled traffic (the traffic that needs to pass through the vpn) using a statement like this:

crypto map outside_map 50 match address remote_site

You'll need to add to the existing access list a statement permitting traffic between the networks:

access-list remote_site extended permit ip 192.168.1.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list remote_site extended permit ip 192.168.2.0 255.255.255.0 192.168.40.0 255.255.255.0

You'll need to add the appropriate ACL on the remote site ASA as well, to ensure the remote network can contact these wireless networks.

Without knowing your topology, this should be all you need to get routing happening.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
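
Added example, not part of the post above or of Firewall.cx's own material: a small Python check that every crypto ACL entry on one ASA has a reversed twin on the peer, since a one-sided entry (step 2 done on only one end) is the usual reason a newly added network never passes through the tunnel. The remote ACL name "main_site" and the sample remote config are assumptions made for illustration.

```python
import ipaddress
import re

# Matches crypto ACL entries of the form used in the post:
# access-list NAME extended permit ip SRC SRCMASK DST DSTMASK
ACE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def crypto_pairs(config, acl_name):
    """Return the set of (source, destination) networks in the named ACL."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_cfg, local_acl, remote_cfg, remote_acl):
    """Compare both ends; each tunnel entry needs a reversed twin on the peer."""
    local = crypto_pairs(local_cfg, local_acl)
    remote = crypto_pairs(remote_cfg, remote_acl)
    mirrored = {(dst, src) for src, dst in remote}  # peer's view, flipped
    return {
        "missing_on_remote": sorted(local - mirrored),
        "missing_on_local": sorted(mirrored - local),
    }

# Constructed sample configs: the HQ lines are the ones from the post; the
# remote ACL name "main_site" and its single entry are assumptions.
HQ_CFG = """
access-list remote_site extended permit ip 192.168.1.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list remote_site extended permit ip 192.168.2.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
REMOTE_CFG = """
access-list main_site extended permit ip 192.168.40.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    result = mirror_mismatches(HQ_CFG, "remote_site", REMOTE_CFG, "main_site")
    for side, entries in result.items():
        for src, dst in entries:
            # Entries are printed from the local (HQ) point of view.
            print(f"{side}: {src} -> {dst}")
```

Running the same comparison before adding a guest VLAN to the crypto ACL also shows exactly which remote subnets that VLAN would be able to reach through the tunnel.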

Re: Site to Site VPN and Vlans 6 years 3 months ago #34718

  • skepticals
That's what I thought they wanted, but I wanted to clarify. Thanks for the information.

Re: Site to Site VPN and Vlans 6 years 3 months ago #34722

  • acdc
Yeah, all I want to do is carry the vlans from our main site to the remote site.

Thanks for the reply, I will give this a go.

Re: Site to Site VPN and Vlans 6 years 3 months ago #34817

  • biblexy
How do I create a proxy gateway for a vpn connection? I'm trying to set up a http or socks proxy which will route all traffic to a vpn connection. This is on linux.