10.6 Build a LAN-to-LAN VPN (Using L3 IP Routing)


    Combined revision comparison

    Comparing version 19:11, 3 Mar 2013 by genya with version 17:49, 4 Mar 2013 by yagi.

    ...

    After reading section # 10.5Build a LAN-to-LAN VPN (Using L2 Bridge)# you know how to connect multiple LANs together into a single layer 2 (Ethernet) segment, forming a LAN-to-LAN VPN.

    ...

    Please refer to section # 3.8Virtual Layer 3 Switches# for a summary of Virtual Layer 3 Switching and how to use it.

    ...

    This section will give the pros and cons of setting up a LAN-to-LAN VPN that performs IP routing between LANs through Virtual Layer 3 Switching as opposed to setting up one using only bridge connections as explained previously in section #10.5Build a LAN-to-LAN VPN (Using L2 Bridge)#..

    ...

    After the three Virtual Hubs above have been created on the VPN Server in Tokyo, you need to create a single Virtual Layer 3 Switch while looking to section # 3.8Virtual Layer 3 Switches# for reference. Once this is done you have to define a virtual interface to the three Virtual Hubs.

    ...

    10.6.5 Calculating the Number of Required Licenses

    Let's calculate how many licenses will be needed to set up the example network above. You will definitely need a VPN Server product license to receive incoming connections from VPN Bridges. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup. Finally, you have 2 VPN Bridges connecting to the VPN Server, so you will need 2 bridge connection licenses. Only one bridge license is required for all VPN sessions connected through bridge/routing mode regardless of the number of computers on all the networks. Using the Virtual Layer 3 Switching capability does not affect the number of product or bridge licenses required. Thus, the required product licenses and connection licenses are as shown below. VPN Server Standard Edition License x 1 VPN Server Bridge Connect License (1 Site) x 2 Please refer to section #1.3# for more information about the licensing system.  

    10.6.510.6.6 Installing VPN Server On the Main LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridge(s) over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system. (See section #10.2.1#.)10.2 Common Concepts and Knowledge.) Please consult with your network administrator if you are unsure about any of these issues.

    Once VPN Server is installed create the three Virtual Hubs "TOKYO", "OSAKA", and "TSUKUBA" as described in section 10.6.4.#10.6.4#. Next, create a local bridge connection between the "TOKYO" Virtual Hub and the Tokyo LAN and configure the Virtual Layer 3 Switch.

    ...

    10.6.610.6.7 Installing VPN Bridge on the Other LANs

    ...

    10.6.710.6.8 LAN-to-LAN VPN Connection

    Unlike the layer 2 bridge connection configuration described in section #10.5Build a LAN-to-LAN VPN (Using L2 Bridge)#, , using IP routing to create a VPN connection between each LAN does not mean that the computers on each LAN will be able to automatically communicate with each other without any extra configuration.

    ...

     

    10.6.810.6.9 Supplementary Information

    The Virtual Layer 3 Switch can also forward packets to a network beyond the IP network the Virtual Hub connected to directly by the virtual interface is on. Please refer to section 3.8 Virtual Layer 3 Switches#3.8.5# for more information on this topic.
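
    Review bot: The cross-references lose precision in two places. In "Supplementary Information" the pointer changes from #3.8.5# to the chapter-level "3.8 Virtual Layer 3 Switches", and in "Installing VPN Server On the Main LAN" it changes from #10.2.1# to "10.2 Common Concepts and Knowledge". Keep the subsection numbers in the resolved link text so readers land on the specific subsection. Also note that dropping "Calculating the Number of Required Licenses" renumbers 10.6.6 through 10.6.9 to 10.6.5 through 10.6.8, so any inbound links to those section numbers from other pages need checking.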

    Version from 19:11, 3 Mar 2013

    This revision modified by genya (Ban)

    ...

    After reading section #10.5# you know how to connect multiple LANs together into a single layer 2 (Ethernet) segment, forming a LAN-to-LAN VPN.

    ...

    Please refer to section #3.8# for a summary of Virtual Layer 3 Switching and how to use it.

    ...

    This section will give the pros and cons of setting up a LAN-to-LAN VPN that performs IP routing between LANs through Virtual Layer 3 Switching as opposed to setting up one using only bridge connections as explained previously in section #10.5#.

    ...

    After the three Virtual Hubs above have been created on the VPN Server in Tokyo, you need to create a single Virtual Layer 3 Switch, using section #3.8# for reference. Once this is done, define a virtual interface to each of the three Virtual Hubs.

    ...

    10.6.5 Calculating the Number of Required Licenses

    Let's calculate how many licenses will be needed to set up the example network above. You will definitely need a VPN Server product license to receive incoming connections from VPN Bridges. This example only deals with a small number of connections and does not require clustering capabilities. Thus, the Standard Edition license will provide all the functionality you need for this type of setup.

    Finally, you have 2 VPN Bridges connecting to the VPN Server, so you will need 2 bridge connection licenses.

    Only one bridge license is required for all VPN sessions connected through bridge/routing mode regardless of the number of computers on all the networks.

    Using the Virtual Layer 3 Switching capability does not affect the number of product or bridge licenses required.

    Thus, the required product licenses and connection licenses are as shown below.

    • VPN Server Standard Edition License x 1
    • VPN Server Bridge Connect License (1 Site) x 2

    Please refer to section #1.3# for more information about the licensing system.

    ...

    10.6.6 Installing VPN Server On the Main LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridge(s) over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system. (See section #10.2.1#.) Please consult with your network administrator if you are unsure about any of these issues.

    Once VPN Server is installed, create the three Virtual Hubs "TOKYO", "OSAKA", and "TSUKUBA" as described in section #10.6.4#. Next, create a local bridge connection between the "TOKYO" Virtual Hub and the Tokyo LAN and configure the Virtual Layer 3 Switch.

    ...

    10.6.7 Installing VPN Bridge on the Other LANs

    ...

    10.6.8 LAN-to-LAN VPN Connection

    Unlike the layer 2 bridge connection configuration described in section #10.5#, using IP routing to create a VPN connection between each LAN does not mean that the computers on each LAN will be able to automatically communicate with each other without any extra configuration.

    ...

    10.6.9 Supplementary Information

    The Virtual Layer 3 Switch can also forward packets to networks beyond the IP network of the Virtual Hub that is directly connected through the virtual interface. Please refer to section #3.8.5# for more information on this topic.

    Version as of 17:49, 4 Mar 2013

    This revision modified by yagi (Ban)

    ...

    After reading section 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge) you know how to connect multiple LANs together into a single layer 2 (Ethernet) segment, forming a LAN-to-LAN VPN.

    ...

    Please refer to section 3.8 Virtual Layer 3 Switches for a summary of Virtual Layer 3 Switching and how to use it.

    ...

    This section will give the pros and cons of setting up a LAN-to-LAN VPN that performs IP routing between LANs through Virtual Layer 3 Switching as opposed to setting up one using only bridge connections as explained previously in section 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge).

    ...

    After the three Virtual Hubs above have been created on the VPN Server in Tokyo, you need to create a single Virtual Layer 3 Switch, using section 3.8 Virtual Layer 3 Switches for reference. Once this is done, define a virtual interface to each of the three Virtual Hubs.

    ...

    10.6.5 Installing VPN Server On the Main LAN

    ...

    Because the VPN Server must receive incoming VPN connections from the VPN Bridge(s) over the Internet, it must have a public IP address or be able to receive TCP/IP communication through NAT, a firewall, or a reverse proxy system. (See section 10.2 Common Concepts and Knowledge.) Please consult with your network administrator if you are unsure about any of these issues.

    Once VPN Server is installed, create the three Virtual Hubs "TOKYO", "OSAKA", and "TSUKUBA" as described in section 10.6.4. Next, create a local bridge connection between the "TOKYO" Virtual Hub and the Tokyo LAN and configure the Virtual Layer 3 Switch.

    ...

    10.6.6 Installing VPN Bridge on the Other LANs

    ...

    10.6.7 LAN-to-LAN VPN Connection

    Unlike the layer 2 bridge connection configuration described in section 10.5 Build a LAN-to-LAN VPN (Using L2 Bridge), using IP routing to create a VPN connection between each LAN does not mean that the computers on each LAN will be able to automatically communicate with each other without any extra configuration.

    ...

    10.6.8 Supplementary Information

    The Virtual Layer 3 Switch can also forward packets to networks beyond the IP network of the Virtual Hub that is directly connected through the virtual interface. Please refer to section 3.8 Virtual Layer 3 Switches for more information on this topic.