VTP over L3 Tunnel

gurner

I wondered if anyone could help suggest a solution to a setup we have at present.

We have at present some, legacy, remote sites using X21 connections to head office, on a fixed line, with a couple of sub-interfaces on the LAN side, with dot1q encapsulation and relevant IP addressing for Data/Voice etc.

What we want to do is replace the X21 with DSL, and to do this, are prepared to put in place a DSL router, and either hang an ASA off of it with an IPSEC vpn, or use a WIC on the 2600 and setup a vpn, to the head office.

However, it is fully expected that our VLAN tagging won't make it to HO over a standard IPSEC vpn.

Can anyone suggest a better way to route/tunnel VLAN tagging over an L3 IP connection?

I have looked into setting up L2TP/pseudowire, or bridged GRE, etc, but keep seeing warnings that it won't tunnel tagged L2, such as VTP, CDP etc.

Does anyone know a good way of doing this? A suggestion of which direction to follow would be greatly appreciated.

Gurner
 
Sorry, that title should read VLAN Tagging over L3 Tunnel

Gurner
 
VTI tunnel, which is a GRE tunnel encrypted with IPSEC, but uses a profile rather than putting the crypto map on any interfaces. As you may know, a GRE tunnel will pass any protocols through, and you would want to encrypt it.

Another thing to note---will your DSL connection have a static IP address? If not, you would need to configure DDNS on the router/ASA. Also, would there be any traffic between this site and the outside, other than through the tunnel, i.e. internet? (I am guessing no, since you were on a very slow frame-relay like network...lol).

If the only traffic will be through the tunnel, a 2600 would work fine, with the correct IOS (IOS firewall, IPS, etc) to stop bad guys at the edge---no worries about the tunnel since it would be encrypted, though...

Myself, I have a 2620XM with Advanced Enterprise 12.4(25d) on my home router, with a WIC-1ADSL and a dynamic DSL connection.

HTH

/

Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)
Technical Support: Copyright (c) 1523-2010 by Cisco Systems, Inc.
Compiled Thu 11-Feb-1539 23:02 by ßµ®†Šß€€Š

ROM: System Bootstrap, Version 12.2(7r) [ÝØÝØMØÑ], RELEASE SOFTWARE (fc1)

Edge uptime is 469¼
 
BTW,

1. I have a remote access VPN in my home router

2. I have a VTI tunnel from my office to headquarters to connect two Cisco labs together---we pass BGP through, redist OSPF on the inside.

3. The IOS in my signature is just that---my signature, when I had 12.4(25c)---notice the date "Copyright (c) 1523-2010 by Cisco Systems, Inc.", and who compiled the IOS, "Compiled Thu 11-Feb-1539 23:02 by ßµ®†Šß€€Š" and the date I compiled it...I think that was around the time the Vigenere Cypher came into existence...here's something scary---that's what a "level 7" password on Cisco devices uses---"username bla priv 15 PASSWORD blabla"---that is an easily cracked password, because the encryption technology is from the 1500's! (I think 1500's...).

4. It did not allow me enough room to show that my router had been up for 469 1/4 years...lol
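Following up on the "level 7" password point in the post above, here is an added example (not part of the original thread, and not Cisco's tooling) of a small audit that scans a saved IOS configuration for credentials stored as reversible type 7 or plaintext `password` entries rather than one-way `secret` hashes. The sample configuration and its credential values are constructed placeholders, and the function names are hypothetical.

```python
import re

# Credential lines: "enable password|secret ...",
# "username X [privilege N] password|secret ...", and line-level "password ...".
CRED_RE = re.compile(
    r"^\s*(?:(?P<enable>enable)\s+"
    r"|username\s+(?P<user>\S+)\s+(?:priv\w*\s+\d+\s+)?)?"
    r"(?P<kind>password|secret)\s+(?:(?P<type>\d+)\s+)?\S+\s*$",
    re.IGNORECASE,
)

def classify(kind, type_):
    """Map an IOS credential keyword and type digit to a storage verdict."""
    if kind == "secret":
        return "hashed"        # stored as a one-way hash
    if type_ == "7":
        return "reversible"    # obfuscated only, recoverable from the config
    if type_ in (None, "0"):
        return "plaintext"     # stored exactly as typed
    return "unknown"

def audit(config_text):
    """Return (line number, subject, verdict) for every weakly stored credential.
    The credential value itself is deliberately left out of the findings."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if not m:
            continue
        verdict = classify(m["kind"].lower(), m["type"])
        if verdict == "hashed":
            continue
        if m["enable"]:
            subject = "enable"
        elif m["user"]:
            subject = f"username {m['user']}"
        else:
            subject = "line password"
        findings.append((lineno, subject, verdict))
    return findings

# Constructed sample configuration; every credential value is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$notARealHashValue00000
enable password 7 CONSTRUCTED07
username bla privilege 15 password 7 CONSTRUCTED07
username ops privilege 15 secret 9 $9$CONSTRUCTED
line vty 0 4
 password cisco
"""

if __name__ == "__main__":
    for lineno, subject, verdict in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {subject}: {verdict}, replace with 'secret'")
```

Each finding is a candidate for re-entering the credential with the `secret` keyword, and any configuration file that held the type 7 or plaintext form should be treated as having exposed it.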

 
Now to bug you with some interesting reading...BTW, if you need help implementing a VTI tunnel, let me know---it is easily found on the internet...


Now for the "interesting reading"...




and PERL code---this is one of the most awesome samples of PERL I have ever seen---because of the art! You MUST have a look-see of THIS one!


Jave Phun!

 
Thanks for these, looks like I've got some reading, ha

Our city offices are coming off EES and SHDS circuits, and (UK) county-wide G703 and X21. Cost savings, eh? Should have been done a long time ago.

Cheers

Gurner
 