Site to Site VPN and Vlans
14 years 5 months ago #34695
by acdc
Site to Site VPN and Vlans was created by acdc
Hello All
I was wondering if someone could tell me if this is possible
We have an ASA5510 connected to an ASA5505 over an IPsec STS VPN.
Within our network we have 3 wireless vlans (one being a guest network), and we want to get these wireless vlans within the remote site.
Is this possible to do over the site to site link?
14 years 5 months ago #34699
by skepticals
Replied by skepticals on topic Re: Site to Site VPN and Vlans
Shouldn't be a problem. I would need a little bit more info. Are you going to have the same VLANs at both sides? Or do you just need the 3 VLANs to have access to the remote site? You just need to configure routes to the other side.
14 years 5 months ago #34706
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Site to Site VPN and Vlans
skepticals, I think they simply want to route these wireless networks access the remote site - or at least that's what I understand.
acdc, here's what you need to do on each end:
1) Create a static nat mapping, ensuring these networks are NOT being nat'ed from the asa firewall on the site they exist:
e.g assume the wireless networks are 192.168.1.0/24 & 192.168.2.0/24
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (inside,outside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
2) On the ASA where these networks exist, you'll have an access list where you specify the tunnelled traffic (the traffic that needs to pass through the vpn) using a state like this:
crypto map outside_map 50 match address remote_site
You'll need to add to the existing access list a statement permitting traffic between the networks:
access-list remote_site extended permit ip 192.168.1.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list remote_site extended permit ip 192.168.2.0 255.255.255.0 192.168.40.0 255.255.255.0
You'll need to add the appropriate ACL on the remote site ASA as well, to ensure the remote network can contact these wireless networks.
Without knowing your topology, this should be all you need to get routing happening.
Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
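Added example, not part of Chris's post or the original thread: a small Python check that the crypto ACL on the remote ASA is the exact mirror of the `remote_site` ACL above, since a missing or non-mirrored entry is what the "appropriate ACL on the remote site" step guards against. The remote ACL name `main_site` and both sample configs are constructed for illustration; the subnets are the ones used in the post.

```python
import ipaddress
import re

# Only the "subnet mask" form used in the post is parsed; host/any/object-group
# entries are skipped rather than guessed at.
IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE = re.compile(
    rf"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+{IP}\s+{IP}\s+{IP}\s+{IP}\s*$"
)

def parse_crypto_acl(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}", strict=False)
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(local_cfg, local_acl, remote_cfg, remote_acl):
    """Compare both ends; each local src->dst needs a remote dst->src entry."""
    local = parse_crypto_acl(local_cfg, local_acl)
    remote = parse_crypto_acl(remote_cfg, remote_acl)
    expected = {(dst, src) for src, dst in local}
    missing = [f"{s} -> {d}" for s, d in sorted(expected - remote)]
    extra = [f"{s} -> {d}" for s, d in sorted(remote - expected)]
    return missing, extra

# Constructed sample: main-site lines as given in the post.
MAIN_SITE = """\
crypto map outside_map 50 match address remote_site
access-list remote_site extended permit ip 192.168.1.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list remote_site extended permit ip 192.168.2.0 255.255.255.0 192.168.40.0 255.255.255.0
"""
# Constructed sample: remote ASA where the second wireless network was forgotten.
REMOTE_SITE = """\
access-list main_site extended permit ip 192.168.40.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    missing, extra = mirror_mismatches(MAIN_SITE, "remote_site", REMOTE_SITE, "main_site")
    print("missing on remote ASA:", missing)
    print("unexpected on remote ASA:", extra)
```

An empty "unexpected" list is also worth checking: an extra entry on one end means that end would tunnel traffic the other end does not expect.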
14 years 5 months ago #34718
by skepticals
Replied by skepticals on topic Re: Site to Site VPN and Vlans
That's what I thought they wanted, but I wanted to clarify. Thanks for the information.
14 years 5 months ago #34722
by acdc
Replied by acdc on topic Re: Site to Site VPN and Vlans
Yeah, all I want to do is carry the vlans from our main site to the remote site.
Thanks for the reply, I will give this a go.
14 years 5 months ago #34817
by biblexy
Replied by biblexy on topic Re: Site to Site VPN and Vlans
How do I create a proxy gateway for a vpn connection? I'm trying to set up a http or socks proxy which will route all traffic to a vpn connection. This is on Linux.