this certainly looks like what i need.
can i just clarify:-# in the configuration notes below it says set up the GRE tunnel with the same Source/Destination networks as IPSEC.
Is this right?
CONFIGURATION NOTES
Site-to-site IPSEC vpn is configured with source/destination networks on the private Vlans. L2 GRE is configured with the same Source/Destination networks as IPSEC.
At headquarter, Controller also has private/public Vlans. Guest users in a private vlan. Guest Vlan is extended to Guest anchor controller through L2 GRE.
At Datacenter/DMZ, guest anchor controller has both private/public Vlans.