routing – How to connect to different VLANs through VPN

VLANs are only useful within a shared L2 infrastructure. VPN is (usually) L3, so you route into the VLANs from the VPN tunnel endpoint (and vice versa, for simplicity I’m referring to the in direction only). The destination address is the L3 subnet, located in a VLAN.

For security, you filter by combination of source address and destination subnet (or address) between the tunnel and the inter-VLAN router. Of course, that implies that you trust the far tunnel endpoint, i.e. you can be sure that the source IP has not been spoofed. If that isn’t the case you either need to use other means of user identification or multiple tunnels for the various trust zones.

Routing needs to be consistent, so that all routers on each tunnel side know where to route all subnets. Set up static routes or use a routing protocol like OSPF. In your diagram, the L3 switch and the right-hand router need to know the route to “Remote Device”. In turn, Remote Device needs to have routes for those subnets pointing into the tunnel. Additionally, the tunnel needs to be able to transport these destination addresses.
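The two requirements in the answer above, a source/destination filter at the tunnel side of the inter-VLAN router and routes that are consistent on every router in both directions, can be checked against a small model before touching real equipment. The following Python is an added example, not code from the original answer or from any vendor: the router names, the VLAN subnets (10.10.10.0/24 and 10.10.20.0/24), the remote LAN (192.168.100.0/24) and the allow list are all constructed for illustration. It traces a packet hop by hop through the routing tables, applies the policy, and then traces the reply, so a missing return route on the L3 switch shows up as a failure just as a denied policy entry does.

```python
"""Model of the routed VPN-to-VLAN design: policy filter plus route consistency.
Added example with constructed addresses; not the page's own configuration."""
from ipaddress import ip_address, ip_network

# Constructed topology (assumed):
#   Remote Device (192.168.100.0/24) -- VPN tunnel -- tunnel endpoint -- L3 switch
#   The L3 switch hosts VLAN 10 = 10.10.10.0/24 and VLAN 20 = 10.10.20.0/24.
REMOTE_LAN = ip_network("192.168.100.0/24")
VLAN10 = ip_network("10.10.10.0/24")
VLAN20 = ip_network("10.10.20.0/24")

# Routing tables: router name -> list of (prefix, next hop).
# A next hop of "connected" means the destination is directly attached.
ROUTES = {
    "remote_device": [
        (REMOTE_LAN, "connected"),
        (VLAN10, "tunnel_endpoint"),   # VLAN subnets point into the tunnel
        (VLAN20, "tunnel_endpoint"),
    ],
    "tunnel_endpoint": [
        (REMOTE_LAN, "remote_device"),
        (ip_network("10.10.0.0/16"), "l3_switch"),  # summary towards the VLANs
    ],
    "l3_switch": [
        (VLAN10, "connected"),
        (VLAN20, "connected"),
        (REMOTE_LAN, "tunnel_endpoint"),  # return route to the remote device
    ],
}

# Filter between the tunnel and the inter-VLAN router: (source, destination)
# allow list, default deny. Only the "in" direction is modelled, as in the answer.
ALLOW = [
    (REMOTE_LAN, VLAN10),   # remote users may reach VLAN 10; VLAN 20 stays closed
]


def lookup(routes, router, dst):
    """Longest-prefix match in one router's table; None when no route exists."""
    best = None
    for prefix, next_hop in routes[router]:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best[1] if best else None


def trace(routes, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery. Returns (delivered, path)."""
    path, router = [start], start
    for _ in range(max_hops):
        next_hop = lookup(routes, router, dst)
        if next_hop is None:
            return False, path          # black hole: this router lacks the route
        if next_hop == "connected":
            return True, path
        path.append(next_hop)
        router = next_hop
    return False, path                  # routing loop


def permitted(allow, src, dst):
    """Default-deny check of the source/destination policy."""
    return any(src in s and dst in d for s, d in allow)


def reachable(routes, allow, src, dst):
    """Forward path must exist, policy must allow it, and the reply must route back."""
    src, dst = ip_address(src), ip_address(dst)
    forward_ok, forward_path = trace(routes, "remote_device", dst)
    if not forward_ok or not permitted(allow, src, dst):
        return False
    reverse_ok, _ = trace(routes, forward_path[-1], src)  # reply from delivering router
    return reverse_ok


if __name__ == "__main__":
    for target in ("10.10.10.7", "10.10.20.7"):
        print(target, "reachable" if reachable(ROUTES, ALLOW, "192.168.100.5", target) else "blocked")
```

Dropping the `REMOTE_LAN` entry from the `l3_switch` table makes `reachable` return `False` even though the forward trace and the policy both pass, which is the asymmetric-routing failure the answer warns about when it says routing must be consistent on both sides.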
