Arjan,
> -----Original Message-----
> Sent: Wednesday, February 10, 2010 8:33 AM
> To: ccielab_at_groupstudy.com
> Subject: VRF aware VLAN mapping
>
> route inside30 0.0.0.0 0.0.0.0 10.1.30.1 4
>
> But how can we map users to the respective VLAN interfaces with a group
> policy
> and can we force the traffic to use the same outside interface for
> return
> traffic in combination with the crypto-maps?
> Has anyone experience or a example how to solve this?
>
You're going to have a problem using the ASA for this. What you really want are virtualized tables on your ASA and you could accomplish this with multiple context firewalls, but then you wouldn't be able to use the VPN. If you use the VPN on the ASA, you can't support source routing, so you're in the same boat. Your best bet might be a couple of 3xxx ISRs to terminate the VPN traffic or change your remote peers to use the single outside address on the ASA.
-ryan
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 10 2010 - 13:44:11 ART
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART