VPN questions

I am currently upgrading my router to an IOS version that can handle Zone Based Firewalls. In the mean time, I have a few questions.

I know VPNs can be implemented on the lan, but can the be implemented between certain sub interfaces on the same (or different) routers. For an example say you have this config

R1 >> R2

R1 has s0.01 (ip address 10.0.1.1) and R2 has s0.01 (10.0.1.2)
R2 has s0.02 (ip address 10.0.2.1) and R2 has s0.02 (10.0.2.2)
Could you implement a VPN over these point to point interfaces.

Is it possible to implement a vpn over sub interfaces on the same router?

Lets say R1 fe port is running dot1q and there are "special" vlans that need extra security. Could you have a vpn running between certain subinterfaces?

Find more posts tagged with

Comments

networker050184

Between two routers point to point yes. I don't think you can configure an IPSEC VPN from a router back to itself though.

Bl8ckr0uter

networker050184 wrote: »

Between two routers point to point yes. I don't think you can configure an IPSEC VPN from a router back to itself though.

Thanks. I was looking at the ISCW CBTs and it wasn't clear. It just stated that you could do a lan based vpn (rather than the traditional wan based vpn). Now that I think about my second question, it would be stupid. There would be no key exchange because it would be the same router. ...

I need to brush up on vpns before the test.