How do I create a VPN to tunnel from one VLAN to another?
I have two main VLAN's: LAN and Management. I want to create an access controlled VPN that would allow me to tunnel from LAN to Management. The key is that I want to be able to do this with the built in Windows VPN client.
The thing that's getting me is that I already have a mobile IPsec VPN set up which authenticates via RADIUS against my Windows AD, and tunnels from the internet to my LAN. In theory I could use another Phase 2 to set up the second tunnel, but the AD Group that controls mobile VPN access is different from the one that controls LAN->Management access, so this won't work. Unfortunately it doesn't appear that I can create another mobile client Phase 1 to use a different RADIUS network policy.
So the other thing I've tried is using the unencrypted L2TP server. This would be fine for the LAN->Management use case because all traffic is encrypted at the application layer (https). Unfortunately, I can't seem to get Windows' VPN to connect to it. Firewall rules are allowing the traffic through, but I think it only really supports L2TP/IPSec, so it's getting "intercepted" by the mobile IPSec VPN.
Does anyone have any ideas on what I could try next?
Bump. Still haven't been able to figure this out.