RE: VRF aware VLAN mapping

Under the group-policy xxx attributes, use the command vlan Y.
There's the tunneled key word to let tunneled traffic to use that as the
default gateway:
route inside 0.0.0.0 0.0.0.0 10.1.30.1 tunneled

----------------------------------
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
[Web] http://www.netcraftsmen.net
------------------------------------

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Arjan van 't Hof
Sent: Wednesday, February 10, 2010 9:00 AM
To: Ryan West; ccielab_at_groupstudy.com
Subject: RE: VRF aware VLAN mapping

Ryan,

Do you have any information regarding a Group-policy when using one outside
interface?
How do you map the users to inside vlans?

Regards,

Arjan van 't Hof

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ryan
West
Sent: woensdag 10 februari 2010 14:44
To: Arjan van 't Hof; ccielab_at_groupstudy.com
Subject: RE: VRF aware VLAN mapping

Arjan,

> -----Original Message-----
> Sent: Wednesday, February 10, 2010 8:33 AM
> To: ccielab_at_groupstudy.com
> Subject: VRF aware VLAN mapping
>
> route inside30 0.0.0.0 0.0.0.0 10.1.30.1 4
>
> But how can we map users to the respective VLAN interfaces with a group
> policy
> and can we force the traffic to use the same outside interface for
> return
> traffic in combination with the crypto-maps?
> Has anyone experience or a example how to solve this?
>

You're going to have a problem using the ASA for this. What you really want
are virtualized tables on your ASA and you could accomplish this with
multiple context firewalls, but then you wouldn't be able to use the VPN.
If you use the VPN on the ASA, you can't support source routing, so you're
in the same boat. Your best bet might be a couple of 3xxx ISRs to terminate
the VPN traffic or change your remote peers to use the single outside
address on the ASA.

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 10 2010 - 10:02:37 ART