VPN between CVG and BR100 with VLAN support at CVG site.

  • 2
  • Question
  • Updated 5 years ago
  • Answered
Is it possible to setup an VPN between an CVG and BR100 with support for multiple VLAN's at the CVG site?

At our HQ we have 2 VLAN's. One for data and one for voice. These VLAN's are not routed, so I cant access VLAN voice from VLAN data.

I want to setup an VPN between an CVG and an BR100 and configure the BR100 that ETH1 access the VLAN data and ETH4 access the VLAN voice.

At first I want to do this with an L2 VPN but then I cant configure the lan ports on the BR100.

I can't figure out how to do this.
Is there an manual/tutorial for this?
Photo of Remon Braamse

Remon Braamse

  • 11 Posts
  • 4 Reply Likes

Posted 5 years ago

  • 2
Photo of Paul Levasseur

Paul Levasseur

  • 11 Posts
  • 2 Reply Likes
Hello Remon,
I looked and it seems possible with a layer 2 CVG and a BR100 as an AP. I will not have time to test until Tuesday of next week based on my current schedule.

The idea is, you can still assign different user profiles to ports when the BR100 is the AP. The DHCP will come from the HQ side on the VLAN specified.
Then on the CVG side, you would create two port groups, one with the voice VLAN and one with data VLAN, with promiscuous mode enabled I believe. Then assign to the CVG port that is connected to a switch. I think that would work.

Photo of Paul Levasseur

Paul Levasseur

  • 11 Posts
  • 2 Reply Likes
ps.. on the CVG site, I meant to say, on ESXi, you create two port groups. Instead of a layer 2 CVG, you can also use an AP300 series as the layer 2 VPN server.
Photo of Jason Hills

Jason Hills

  • 78 Posts
  • 3 Reply Likes
Just to clarify....
To avoid the use of a CVG VA to terminate an IPSec VPN, could an AP330 be used instead of a ESXi server?
This may be more salable to or client, who could install an AP330 in their Head office to have some WiFi benefits, while still being able to deliver a branch on demand VPN solution.

Are there any major limitations regarding number of tunnels/branches?
The application I am planning is for 40 offices, where each office will have 2 to 4 people.

thanks,
Jason
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Jason,
At this point in time the APs and BRs are IPSec tunnel initiators only, they cannot act as responders.
Photo of Remon Braamse

Remon Braamse

  • 11 Posts
  • 4 Reply Likes
Hi Paul,

Thanks for you answer. This week I will try to get it working.
When I use the CVG, must i set the VLAN's tagged on the CVG's LAN interface?