Me and my friend is currently setting up a Xen test environment.
As you can se from the picture below we are running a Cisco ASA 5505 to reach the network from the outside.
But the problem is that we want to reach the virtual pfSense's subnet's through the Cisco AnyConnect VPN.
And currently the pfSense's are only configured with a public ip and a virtual interface to the VM's.
We could be lazy and do a tunnel to the Cisco from each pfSense. I guess that could be a temporarily solution.
Or we could solve this problem by buying another PCI NIC, so that we have a physical link from the "pfSense box" to a tagged VLAN on the switch.
But we are having problems configuring the switch to general vlan's. Cause Xen can't have it's management interface on a tagged VLAN directly from the XenServer,
but the switch can tag the packet when it reaches the switchport.
Does anyone have any idea on how to solve this?
I would like to have "switchport general allowed vlan 2" for admin and 10 for "LAN"
And then trunk the port to the Cisco ASA.
But again, Xen stops me from doing this.