Security Basics mailing list archives
Re: Cisco Sub-interfaces.
From: JGrimshaw () ASAP com
Date: Tue, 14 Oct 2003 11:00:37 -0500
Hi Dave,
What you have proposed is fine. Provided there is no IP address assigned
to the physical, then you could set up your tunnels as normal, using the
sub interfaces on the WAN interface as your interfaces.
I actually believe that is the best way to do it; set up a sub interface
on your physical interface. This also assists in testing and
troubleshooting later on, such as a failover or backup connection.
When you administratively shut down an interface, the router does not see
that to be an issue, and there is no failover (if you have some sort of
redundancy configured). However, when you have a sub-interface, and you
shut down the primary that it is connected to, the IOS sees the sub
interface as failing, allowing you to test the redundancy configuration
without having to be next to the router to yank the cable.
This also allows you in the future to have multiple channels on the WAN
link; you could have a few 64k sub interfaces and a 256k sub, for example,
each with their own tunnels to various customers and whatnot. It's fairly
flexible.
Dave <david.morris () curvalue nl>
10/12/2003 04:48 AM
Please respond to david.morris () curvalue nl
Subject: Cisco Sub-interfaces.
Hi,
We are being offered a solution which involves VPN private data and internet
connection over the same physical WAN interface. This interface is on a Cisco
7200 and would be split into 2 logical sub-interfaces. One for private data,
one for internet data. After that it is kept separate on 2 internal LANs so
is not a concern.
The question is, are there any issues with using subinterfaces for this? Can
data pass between them? Or are they equivalent in security to physical
interfaces?
I can find no information on this easily. Has anyone any links, or any
ideas regarding this?
Thanks for any help.
Best Regards,
Dave
---------------------------------------------------------------------------
Current thread:
- Cisco Sub-interfaces. Dave (Oct 14)
- Re: Cisco Sub-interfaces. JGrimshaw (Oct 14)
