VPN with multi L2 VLAN
Posted: Sun Mar 08, 2020 10:35 pm
Hi everyone in here.
I have been running site-to-site VPN for the last 13 years from my CCR 1036 to various hAP lite and RB750 devices, and it has run smoothly. My site-to-site today runs L2TP with EoIP, where I have all my VLANs out and added in EoIP.
Now I would like to expand, and I have given a lot of thought to other forms of VPN as well, including SoftEther VPN and Cisco, but I would very much like to keep MikroTik and preferably settle for my CCR 1036 in the hope it can solve it all.
My extension is that I would like to connect my domain to all my computers when they are away from home and all phones on a mobile network when they are in the world.
This is where I really stopped.
1. I would like my domain to run the RADIUS of my AD over L2TP. If I can't do it with everything else, SSTP will also be an option.
2. Have all mobiles run on my mobile network, also over L2TP, with user control controlled from the CCR.
It all has to fit in so that I can still run my site-to-site, as I can't turn them down.
I have 4 L2 VLANs:
VLAN 2 for my domain
VLAN 5 for HOTSPOT NON MikroTik
VLAN 100 to net100
VLAN 200 for mobile networks
Then I have a VLAN 999, since most of my network is Cisco and therefore I have set native to 999.
I have attached a network drawing that might explain my setup better than just text.
As I said, my site-to-site VPN ran perfectly with all my VLANs on, but how can one make the second, with computers and mobiles, work, and can it be overridden when I also have to run site-to-site?
If you can't do this, then I still have 1 line left, so I still have the same problem of how to get each VPN to go into one of the assigned VLANs.
All traffic goes out through my ASA, which is also used for other VPNs, but that is another matter, and I do not have enough VPN licenses to be able to connect more clients, so again I would like to utilize my CCR.
Does anyone have suggestions for such a setup, preferably with a little simple code, until I have read more into the MikroTik world?
Hope someone has a good idea.
Regards
Jimmy