VPN questions
Bl8ckr0uter
I am currently upgrading my router to an IOS version that can handle Zone Based Firewalls. In the meantime, I have a few questions.
I know VPNs can be implemented on the LAN, but can they be implemented between certain subinterfaces on the same (or different) routers? For example, say you have this config:
R1 >> R2
R1 has s0.01 (ip address 10.0.1.1) and R2 has s0.01 (10.0.1.2)
R2 has s0.02 (ip address 10.0.2.1) and R2 has s0.02 (10.0.2.2)
Could you implement a VPN over these point-to-point interfaces?
Is it possible to implement a VPN over subinterfaces on the same router?
Let's say R1's FE port is running dot1q and there are "special" VLANs that need extra security. Could you have a VPN running between certain subinterfaces?
Comments
networker050184 Mod
Between two routers point to point, yes. I don't think you can configure an IPsec VPN from a router back to itself though.
An expert is a man who has made all the mistakes which can be made.

Bl8ckr0uter
networker050184 wrote: » Between two routers point to point yes. I don't think you can configure an IPSEC VPN from a router back to itself though.
Thanks. I was looking at the ISCW CBTs and it wasn't clear. It just stated that you could do a LAN-based VPN (rather than the traditional WAN-based VPN). Now that I think about my second question, it would be stupid. There would be no key exchange because it would be the same router. ...
I need to brush up on VPNs before the test.
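
The point-to-point case from the first question, as an added example that is not part of the original thread: a minimal IOS site-to-site IPsec configuration for R1, peering with R2 across the 10.0.1.1 / 10.0.1.2 link. The interface name, subnet mask, protected LAN subnets, object names, key placeholder and the image's support for DH group 14 are assumptions.

```cisco
! Added example: R1 side only. R2 mirrors it with peer 10.0.1.1
! and the source/destination of the ACL swapped.
! Assumptions (not from the thread): interface Serial0/0.1, a /30 mask,
! LAN 192.168.1.0/24 behind R1, LAN 192.168.2.0/24 behind R2.
!
! Phase 1 (IKE): both peers must agree on this policy and the key.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
! Placeholder key; scope it to the single peer address, not 0.0.0.0.
crypto isakmp key <PRE-SHARED-KEY> address 10.0.1.2
!
! Phase 2 (IPsec): ESP with encryption and integrity, tunnel mode by default.
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
!
! Only traffic matching this ACL is encrypted; everything else
! crosses the link in the clear.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map P2P-VPN 10 ipsec-isakmp
 set peer 10.0.1.2
 set transform-set TS-AES256
 match address VPN-TRAFFIC
!
! The crypto map is applied to the subinterface facing the peer.
interface Serial0/0.1 point-to-point
 ip address 10.0.1.1 255.255.255.252
 crypto map P2P-VPN
!
! Checks after sending matching traffic:
!   show crypto isakmp sa   -> state QM_IDLE for peer 10.0.1.2
!   show crypto ipsec sa    -> encaps/decaps counters incrementing
```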