Cisco – How to connect a VPN and VLAN via a Cisco ASA

Tags: cisco, vlan, vpn

I'm trying to extend a VPN further into an organisation:

At the main location I have a private network (call it 192.168.0.0/24) which is connected via a Cisco ASA 5510 to a Draytek ADSL router. The remote location also has a private network (call it 192.168.1.0/24) connected directly to their Draytek ADSL router.

The Cisco ASA and remote Draytek have a site-to-site IPSec VPN configured so that we can talk securely to their internal network devices. This setup is replicated a few times (192.168.2.0/24, etc.).

Is there a way to bring the remote private networks onto ours via VLANs on the ASA, so that I could have a VLAN-capable switch with port 1 on 192.168.1.0, port 2 on 192.168.2.0, etc. for testing and configuration purposes?

Best Answer

Cisco (IOS-running) routers or Juniper's SRX line (among many others) can do this, bridging a layer 2 segment over GRE or L2TP (or, for more complex cases, MPLS as CCC or VPLS).

For cheaper options Mikrotik's hardware should also be able to do this.

If you have a spare Linux machine at each end, OpenVPN has a bridge mode which should work.

This can get fairly complex quite quickly (for example handling the MTU correctly takes quite a bit of care).
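As an added illustration of the OpenVPN bridge-mode option mentioned in the answer (this is example configuration written for this page, not from the original post or from the OpenVPN project), the following main-site server config puts a `tap` interface into a Linux bridge together with a VLAN sub-interface, so that the remote 192.168.1.0/24 segment appears as a local VLAN. The interface names (`br101`, `eth0.101`, `tap0`), the certificate file names and the VLAN id 101 are assumptions; the bridge itself is created outside OpenVPN (for example with `ip link add br101 type bridge`, `ip link set eth0.101 master br101`, `ip link set tap0 master br101`), and the `mssfix`/`tun-mtu` values are a starting point that must be checked against the real ADSL path MTU rather than taken as given.

```conf
# /etc/openvpn/server-bridge101.conf  (main site, example config)
# Layer 2 bridge: remote LAN 192.168.1.0/24 <-> local VLAN 101

port 1194
proto udp
dev tap0                     # tap = Ethernet frames, needed for bridging
                             # (tap0 is added to bridge br101 by an external script)

# Standard TLS material; file names are assumptions for this example
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/mainsite.crt
key  /etc/openvpn/mainsite.key
dh   /etc/openvpn/dh.pem
tls-crypt /etc/openvpn/tc.key  # authenticate/encrypt the control channel
cipher AES-256-GCM
auth SHA256
remote-cert-tls client         # only accept peers with a client certificate

# Bridge mode: OpenVPN hands out addresses from the bridged subnet instead
# of routing. Here no DHCP pool is given, so each side keeps its own
# addressing on the bridged segment.
server-bridge nogw

# MTU handling: tap adds Ethernet + OpenVPN + UDP/IP overhead, and ADSL/PPPoE
# uplinks are often below 1500 bytes. Clamp TCP MSS so bridged hosts do not
# rely on path-MTU discovery across the tunnel; tune after measuring.
tun-mtu 1500
mssfix 1400

keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
```

The remote Draytek site would need the Linux box the answer refers to, running the matching client config (`client`, `dev tap0`, `remote <main-site-public-ip> 1194`, the same `cipher`/`auth`/`tls-crypt` settings) with its `tap0` bridged to the remote LAN interface. Because this bridges at layer 2, every broadcast and ARP on 192.168.1.0/24 now crosses the ADSL link, which is the reason the answer warns about complexity; keep the bridged VLAN isolated on the test switch rather than trunking it into the main 192.168.0.0/24 network.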