
tamz273

join:2012-01-11
Boston, MA
reply to aryoba

Re: Hosted VPN Solution - any ideas welcome!

That's what I was thinking too.. Since it's all L2.. My question though is, what IS the domain? Is it a /16? Where is it determined? The address pool for the VPN is only a beginning address and end address...

aryoba
Premium,MVM
join:2002-08-22
kudos:4
From a different perspective, I would recommend a virtual desktop solution instead of a simple remote IPSec VPN service. A remote IPSec VPN service is not really designed to provide what you are aiming at, since it was designed as a quick way to connect remotely to a data center or main office. A virtual desktop (i.e. from Citrix), on the other hand, is designed to provide what you are aiming at.

tamz273

join:2012-01-11
Boston, MA
I think a Citrix VDI solution is geared more towards giving virtual machines on a single network, not allowing your machine to join part of a virtual network... But thanks for your suggestion!

I still would like to know how the "domains" are split up.. Could you help explain that part?

Network Guy
Premium
join:2000-08-25
New York
kudos:2
I think aryoba alluded to a broadcast domain, whereas any member of a VLAN should be able to ping each other within the same VLAN if all hosts are using IP addresses from the same subnet.

There's no splitting up of a broadcast domain when it crosses a VPN tunnel AFAIK. In a tunnel, you have Network A, Network B, etc etc and a route between the two as determined by the routing table.

tamz273

join:2012-01-11
Boston, MA
Right, I agree.. I think he was alluding to that too. My question was "where" that is defined..? Is everything in one ISAKMP profile considered one VLAN? So other profiles will create other VLANs?

I've realized that if I don't specify a router for the VLAN that the IP pool range is on, I cannot ping other hosts on the same IP pool. If I add an IP to the route-filter ACL, then I can reach other hosts. This only works when I see the router in my "router details" tab in the VPN client..

Network Guy
Premium
join:2000-08-25
New York
kudos:2
With an ISAKMP profile, you reference an ACL that the assigned interface uses to forward interesting traffic through the tunnel. This ACL can specify one host or an entire subnet.

I suppose you can trick two tunnel endpoints into acting as though they're bridging interesting traffic through the tunnel by using the same subnet on both ends, but I'd think that can cause issues with ARP.