
VLAN over VPN, is it possible?

Dear experts,

We have a local LAN connected remotely using an IPsec VPN...

Since we are using the Windows clustering service, we need the heartbeat interface
to be transparently connected. We would like to establish a VLAN between the two sites.

On both sites, the Astaro is on a Virtual Machine (ESXi) with the INTEL/Pro NIC.

Is it actually possible to establish a VLAN going through the VPN?

Thanks a lot!
Neko


This thread was automatically locked due to age.
  • I've never heard of this before, but apparently there is such a thing as 802.1Q tunneling.

    You could make a request for this at Astaro Gateway Feature Requests

    Do note, however, that you CAN have multiple networks on one tunnel with Astaro IPsec VPNs; I would think that would be all you would need.

    Barry
  • Hello, this is my topology. The connection between Site 1 and Site 2 is an IPsec VPN.

    What do I need to do so that clients from Site 2 are able to access the file server in the Site 1 network? The file server is in VLAN 130.

    No VLAN is defined in the Site 2 network. I use two Sophos XG Firewall devices.

    How can I do VLANs over an IPsec site-to-site VPN?

  • Hi Stilian,

    There is no need to do VLANs over an IPsec tunnel.  In fact, VLANs are at Layer 2 and cannot be passed through an IPsec tunnel.

    All you need is to properly define the tunnel on both sides without worrying that there's a VLAN on one side.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    He's talking about heartbeat. That must be in the same VLAN (as far as I know).

    Another way would be a UTM RED tunnel. Here you can transmit VLANs over VPN. But I'm not familiar with the XG series and whether it is also possible to build UTM RED tunnels there.

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-

  • Manu nailed it.  I read right past the heartbeat issue.  A RED is a Remote Ethernet Device - like having a long cable connected.  I also don't know if RED is supported on XG.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Neko, I think your issue is better placed in the XG Firewall forum. The geeks there know what is possible with the XG and what is not ;-).

    BTW, for all other readers here: it is also possible to build RED tunnels between two UTMs. That is how we manage two of our branch offices with only MPLS to the headquarters, and we can build new networks without having to ask the provider every time to route them over MPLS.

    Viele Grüße / Best Regards,
    Manu

    - CISO -
    - Sophos SCA & Partner-