Tunneling query

tunnel

I'm researching various tunneling technologies and I have a fairly good understanding covering some of the basics. In a site-to-site VPN the edge routers could appear as only one hop away. I've also read that it's possible to make it appear as a flat network i.e. everything on the same LAN. This is the piece i am missing, can someone help me to understand how this is possible?

Best Answer

I've also read that it's possible to make it appear as a flat network i.e. everything on the same LAN. This is the piece i am missing, can someone help me to understand how this is possible?

Some tunneling technologies provide Ethernet over IP services. For instance, research about these topics:

L2TPv3
EoMPLS
VXLAN
EtherIP (RFC3378)
Ethernet over GRE
Cisco OTV (Overlay Transport Virtualization)

Related Solutions

How to block ssh tunneling traffic

Preventing outbound ssh connections, and thus any tunnels, would require a complete blockade of outbound connections via deep packet inspection. Looking at ports will be 100% useless. You have to look at the actual packet payload to know it's SSH. (this is what websense is doing.)

The only other option is setting up a "proxy" host. Lock down the configuration so the ssh client and server will not allow tunneling, then allow only that machine to make outbound ssh connections -- of course, this includes securing the system as well, otherwise people can run whatever ssh software they want.

Vpn – Sonicwall not fowarding VPN traffic over tunnel

I had this problem but after trial/error finally fixed it. Before I start, let me just say that sonicwall documentation and support has gotten so much worse since the acquisition by Dell that I am moving away from sonicwall to almost any other solution (hi cisco + pan) when our support contract is up.

So I followed the rev b document 'configuring sonicos for amazon vpc' also. I configured it with dynamic tunnels with bgp (just because) and it came up. Not that the config document helped because the cli commands don't match with the reality of sonicwall firmware 5.9 on an nsa3500.

After getting the tunnels up and running and the bgp routes advertised, I could not route traffic from our lan (192.168.0.0/16) to the subnet of our vpc on amazon (10.23.0.0/16). I was convinced it was firewall rules until I took another look at the sonicwall routing table.

Basically, I had to create in the gui rules that should have been declared in the bgp cli config, and were not at all mentioned in the rev b config doc.

The rules I created were

source: any
destination : amazon vpc subnet 10.23.0.0/16
service: any
tos: any
gateway: 0.0.0.0
interface: ti2

I did another rule exactly the same for the ti3 tunnel interface.

Suddenly I was able to ssh into the ec2 instances instead of just being able to ping them.

I'm so upset with at sonicwall / dell.

Hope this helps somebody. Conversely, if there are any thoughts on how to improve this I'm all ears.

Best Answer

Related Solutions

How to block ssh tunneling traffic

Vpn – Sonicwall not fowarding VPN traffic over tunnel

Related Topic