LAN to LAN L3 concerns

Posted: Thu Aug 29, 2019 10:29 pm
by amselem

I've successfully built a Lan2Lan VPN using L3/IP Routing, very much like the example in section 10.6.4 ( ... ork_Layout)

My concern is that, if I understood correctly, all the network traffic between a Branch and HQ is being replicated via the cascade connection, and then the L3 Switch would "stop" that traffic if it doesn't belong to the HQ IP range.
I think this may not be very efficient: as more branches are added to HQ, more useless traffic is transmitted over the WAN.

Wouldn't it be more efficient to add another L3 switch before the bridge? Something like:
Branch LAN<-->SE Vpn Server with L3 switch<-- Cascade Connection over WAN-->SE Vpn Server with L3 Switch<-->HQ LAN

Although configuring the routing tables is more complicated, the L3 switches would stop all the traffic whose IP is not intended to be replicated over the WAN.
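The forwarding behaviour the proposal above depends on (each L3 switch sends a packet out exactly one interface, chosen by longest-prefix match against its routing table, and drops anything it has no route for, so only traffic actually addressed to the other site reaches the cascade) can be checked with a small model. This is an added Python example, not code from the post or from SoftEther; the hub/interface names (branch_lan, hq_lan, wan), the /24 site networks and the 10.255.0.0/30 transit link are assumptions chosen for illustration.

```python
"""Longest-prefix-match model of the two-L3-switch layout:
Branch LAN <-> L3 switch <-- cascade (transit hub) --> L3 switch <-> HQ LAN

Constructed example: addresses, interface names and routes are assumptions
made for illustration; they are not taken from the post or from SoftEther.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str                      # virtual interface, one per Virtual Hub the switch joins
    gateway: Optional[str] = None   # None means the prefix is directly connected


class L3Switch:
    """Minimal router: pick the most specific matching route, otherwise drop."""

    def __init__(self, name: str, routes: List[Route]):
        self.name = name
        self.routes = list(routes)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.IPv4Address(dst)
        best = None
        for r in self.routes:
            if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


# Assumed addressing plan (constructed for this example).
BRANCH = L3Switch("branch", [
    Route(ipaddress.IPv4Network("192.168.10.0/24"), "branch_lan"),            # branch LAN, connected
    Route(ipaddress.IPv4Network("10.255.0.0/30"), "wan"),                     # transit link over the cascade
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "wan", gateway="10.255.0.2"),  # HQ LAN via HQ switch
])
HQ = L3Switch("hq", [
    Route(ipaddress.IPv4Network("192.168.1.0/24"), "hq_lan"),                 # HQ LAN, connected
    Route(ipaddress.IPv4Network("10.255.0.0/30"), "wan"),
    Route(ipaddress.IPv4Network("192.168.10.0/24"), "wan", gateway="10.255.0.1"),  # branch LAN via branch switch
])
PEER_ACROSS_WAN = {"branch": HQ, "hq": BRANCH}   # the cascade joins the two "wan" interfaces


def forward_path(first_hop: L3Switch, dst: str) -> List[str]:
    """Return the 'switch:egress' hops a packet takes until delivery or drop."""
    path: List[str] = []
    sw = first_hop
    for _ in range(4):  # bounded so a misconfigured routing loop cannot spin forever
        r = sw.lookup(dst)
        if r is None:
            path.append(f"{sw.name}:drop")   # no route: stopped before it touches the WAN
            return path
        path.append(f"{sw.name}:{r.iface}")
        if r.iface != "wan" or r.gateway is None:
            return path                       # delivered on a directly connected segment
        sw = PEER_ACROSS_WAN[sw.name]         # crossed the cascade, continue at the far switch
    path.append("loop")
    return path


def crosses_wan(first_hop: L3Switch, dst: str) -> bool:
    return any(h.endswith(":wan") for h in forward_path(first_hop, dst))


def wan_load(first_hop: L3Switch, destinations: List[str]) -> int:
    """How many of the sample flows actually traverse the cascade."""
    return sum(1 for d in destinations if crosses_wan(first_hop, d))


if __name__ == "__main__":
    for dst in ["192.168.10.20", "192.168.1.10", "172.16.0.5", "8.8.8.8"]:
        print(dst, "->", forward_path(BRANCH, dst))
```

Only the flow addressed to the HQ network shows up on the wan interface; intra-branch traffic is delivered locally and destinations with no route are dropped at the branch switch, which is the filtering effect the proposal is counting on.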