What Hardware to Bridging Two Networks over DSL?

Archived from groups: comp.dcom.lans.ethernet (More info?)

Office 1 has DSL/Static IP In Dallas, Texas
Office 2 has DSL/Static IP In Fort Worth, Texas

I have set up a VPN using Linksys BEFSX41, but that requires that
office 1 and office 2 be on a different subnet...The devices can ping
each other across the network, but I would like them all to be on
192.168.2.xxx

So I'm wanting to BRIDGE the two LANS, right? I've heard that some
VPN hardware has a "bridge" mode, but I can't find any hardware to do
this. Please help.

Archived from groups: comp.dcom.lans.ethernet (More info?)

In article <14b5a25b.0411230952.7edaf283@posting.google.com>,
Ant Judy <antjudy01@yahoo.com> wrote:
:I have set up a VPN using Linksys BEFSX41, but that requires that
ffice 1 and office 2 be on a different subnet...The devices can ping
:each other across the network, but I would like them all to be on
:192.168.2.xxx

Why? If they are bridged, then all broadcast traffic will have to
cross the bridge. Broadcast traffic can include ARPs, NETBIOS, DHCP,
ntp, and other fun things.


:So I'm wanting to BRIDGE the two LANS, right?

That would be the term.

: I've heard that some
:VPN hardware has a "bridge" mode, but I can't find any hardware to do
:this.

On the VPN side, try searching for "network extension mode"
(e.g., the PIX 501 or 506/506E acting as a VPN client to an EzVPN server).


Note: you will note be able to do what you want using IPSec as the
VPN. IPSec can operate in two modes, and in one of the modes the traffic
is essentially bridged, but the RFCs for IPSec *define* that mode
as being invalid for traffic through a security gateway (a device that
is processing security on behalf of something else). The RFC's
do allow that mode for traffic -to- the security gateway itself for
the purpose of controlling the security gateway: for the purposes
of such traffic, the security gateway is, de facto, a "security endpoint"
and IPSec bridging is allowed between two security endpoints.


The device feature that you are looking for is sometimes called
"remote bridging". "Remote bridging" in its original form is often
only configurable over serial interfaces (point-to-point links.)
Configuring remote bridging over the Internet usually requires
encapsulating the packets for transmission, such as by using GRE
(Generic Router Encapsulation).

If memory serves me, Cisco supports GRE on some models of their
SOHO line, on their 800 series access devices, and on their 1700 series
modular routers. (On the 1600 series too, but you would generally go
for a 1700 series over a 1600 series.)

You mentioned DSL, but you did not happen to mention whether that was
ADSL or SDSL (or other), and you did not happen to mention
uplink and downlink speeds. One thing you really want to avoid
happening when you are doing remote briding, is having a "master
browser" elected on the far side of the link from the side that
has a noticably bigger population of hosts: if that happens, then
all the NETBIOS resource looking and registration has to go over the
uplink (which might only be 128 Kbit/s) to the other end. If the
master browser is on the more populated side, then most of that NETBIOS
traffic will stay local to that larger side.

--
Sub-millibarn resolution bio-hyperdimensional plasmatic space
polyimaging is just around the corner. -- Corry Lee Smith