Hi All,
I am currently implementing an IPSec Tunnel between two XG125s (firmware SFOS 17.5.7 MR-7) that has multiple VLANs at each end:
Head Office:
VLAN10: Data
VLAN100: Voice
Branch Office:
VLAN11: Data
VLAN101: Voice
I currently have the tunnel setup and stable with the following IPSec and Firewall config:
Head Office IPSec Local Subnet: Head Office Data Range, Head Office Voice Range
Head Office IPSec Remote Subnet: Branch Office Data Range, Branch Office Voice Range
Head Office Firewall Rule:
Source: Zone: Any; Networks: Head Office Data Range, Head Office Voice Range, Branch Office Data Range, Branch Office Voice Range
Destination: Zone: Any; Networks: Head Office Data Range, Head Office Voice Range, Branch Office Data Range, Branch Office Voice Range
Branch Office IPSec Local Subnet: Branch Office Data Range, Branch Office Voice Range
Branch Office IPSec Remote Subnet: Head Office Data Range, Head Office Voice Range
Branch Office Firewall Rule:
Source: Any; Networks: Head Office Data Range, Head Office Voice Range, Branch Office Data Range, Branch Office Voice Range
Destination: Zone: Any; Networks: Head Office Data Range, Head Office Voice Range, Branch Office Data Range, Branch Office Voice Range
I know the above setup is a bit "loose" in terms of security at the moment, but I want to iron out any kinks before applying a higher level of security.
So, my questions are:
1. Is it better to have two tunnels (one for Voice and one for Data) between the two offices?
2. I am pretty sure the answer is Yes, but should I have separate firewall rules for ingress and egress on each of the subnets connected to the tunnel?
3. From a QoS point of view, how can I apply QoS so that the Voice tunnel traffic takes precedence over Data Tunnel traffic?
4. Any other useful tips for a connection like this?
Thanks for your time and insights.
Regards
Mike
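The following is an added example, not part of Mike's post and not Sophos code. It models the two tunnel ends as the post describes them (two phase-2 selectors per side and one permissive "Any/Any" firewall rule per side), checks that the selectors mirror each other and do not overlap, counts the same-site network pairs the loose rule permits that never need to cross the tunnel, and derives one tight rule per direction and per traffic class (Data to Data, Voice to Voice), which is the shape question 2 asks about. The /24 prefixes and the zone names "LAN" and "VPN" are constructed assumptions; the post names the ranges but does not give them.

```python
from ipaddress import ip_network

# Constructed sample prefixes; the post names these ranges but does not give them.
NETS = {
    "HO_Data":  ip_network("10.10.0.0/24"),    # Head Office VLAN10
    "HO_Voice": ip_network("10.100.0.0/24"),   # Head Office VLAN100
    "BR_Data":  ip_network("10.11.0.0/24"),    # Branch Office VLAN11
    "BR_Voice": ip_network("10.101.0.0/24"),   # Branch Office VLAN101
}

# Phase-2 (local/remote) selectors exactly as the post lists them for each end.
SELECTORS = {
    "head_office": {"local": {"HO_Data", "HO_Voice"}, "remote": {"BR_Data", "BR_Voice"}},
    "branch":      {"local": {"BR_Data", "BR_Voice"}, "remote": {"HO_Data", "HO_Voice"}},
}

# The single permissive rule from the post (same contents on both sides).
LOOSE_RULE = {
    "src": {"zone": "Any", "nets": set(NETS)},
    "dst": {"zone": "Any", "nets": set(NETS)},
}


def selectors_mirror(a, b):
    """True when A's local set is B's remote set and vice versa.

    If this fails, phase 2 will negotiate only the intersection (or nothing),
    which is the usual cause of a tunnel that is 'up' but carries no traffic.
    """
    return a["local"] == b["remote"] and a["remote"] == b["local"]


def no_overlap(names):
    """True when none of the named prefixes overlap; overlapping selectors make
    the XG pick an ambiguous tunnel for a packet, so check this before splitting
    Voice and Data into two tunnels."""
    nets = [NETS[n] for n in names]
    return all(not x.overlaps(y) for i, x in enumerate(nets) for y in nets[i + 1:])


def loose_pairs(rule):
    """Network pairs the rule permits where both ends are at the same site.

    Such pairs never traverse the tunnel, so a tunnel rule that allows them is
    broader than it needs to be. Site is taken from the 'HO_'/'BR_' name prefix.
    """
    pairs = set()
    for s in rule["src"]["nets"]:
        for d in rule["dst"]["nets"]:
            if s.split("_")[0] == d.split("_")[0]:
                pairs.add((s, d))
    return pairs


def tightened_rules(side, lan_zone="LAN", vpn_zone="VPN"):
    """Derive least-privilege rules for one side: one egress and one ingress rule
    per traffic class, pairing Data only with Data and Voice only with Voice.

    The zone names are assumptions about how the XG rule would be written.
    """
    sel = SELECTORS[side]
    rules = []
    for cls in ("Data", "Voice"):
        local = next(n for n in sel["local"] if n.endswith(cls))
        remote = next(n for n in sel["remote"] if n.endswith(cls))
        rules.append({
            "name": f"{cls} egress",
            "src": {"zone": lan_zone, "nets": {local}},
            "dst": {"zone": vpn_zone, "nets": {remote}},
        })
        rules.append({
            "name": f"{cls} ingress",
            "src": {"zone": vpn_zone, "nets": {remote}},
            "dst": {"zone": lan_zone, "nets": {local}},
        })
    return rules


if __name__ == "__main__":
    print("selectors mirror:", selectors_mirror(SELECTORS["head_office"], SELECTORS["branch"]))
    print("no overlapping prefixes:", no_overlap(NETS))
    print("same-site pairs allowed by loose rule:", len(loose_pairs(LOOSE_RULE)))
    for r in tightened_rules("head_office"):
        print(f"{r['name']:13} {r['src']['zone']}:{sorted(r['src']['nets'])} -> "
              f"{r['dst']['zone']}:{sorted(r['dst']['nets'])}")
```

Run it as-is to see the loose rule permit 8 same-site pairs while the derived rule set permits none; with the derived rules in place, a Voice-to-Data pair across the tunnel is also denied, which is the separation a Voice-only tunnel with its own QoS policy would rely on.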