Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 39461 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLAN over VPN, is it possible?

^-^Neko
Dear experts,

We have a local LAN connected remotely using an IPsec VPN...

Since we are using windows clustering service, we need to create the heartbeat interface
to be transparently connected. We would like to establish a VLAN between the two sites.

On both sites, the Astaro is on a Virtual Machine (ESXi) with the INTEL/Pro NIC.

Is it actually possible to establish a VLAN going thru the VPN?

Thanks a lot!
Neko


This thread was automatically locked due to age.
Parents
  • 0

    H Neko,

    From my understanding, it should work as IPSec will just add its header for encryption and authentication to the packet. I guess simply defining the local and remote network in the IPSec policy and a static route to reach the VLAN from the UTM should do the job. I have never come across such scenario so it will be interesting to know if that works.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Sachin, if you check with the developers, I think they will tell you that the UTM strips the VLAN tag upon receiving the packet.  It adds the tag to a packet leaving via a VLAN Interface.  Let us know.

    Cheers - Bob
    PS Can the XG do RED tunnels?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Even if the VLAN tag is stripped off from the packet, the UTM will still forward it on the basis of destination IP address/network on Layer 3. When the receiving UTM see's a packet for VLAN network it will add the tag and forward thorugh the respective interface. I think defining the remote and local network in the IPSec policy, should do the job.

    Let's await reply from Neko once he test's this scenario.

    Yes, XG do RED tunnels.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi all,

    I've spoken today with our windows geek in our admin-team. The windows cluster works with multicast heartbeat. So perhaps it is possible to resolve it via multicast routing.

    But now that we know that XG also do RED tunnels, I think it would be easier to realize it with a RED tunnel.

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

Reply
  • 0 in reply to sachingurung

    Hi all,

    I've spoken today with our windows geek in our admin-team. The windows cluster works with multicast heartbeat. So perhaps it is possible to resolve it via multicast routing.

    But now that we know that XG also do RED tunnels, I think it would be easier to realize it with a RED tunnel.

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

Children
No Data
Unfiltered HTML