Re: VRF Lite (inside) and IPSec (outside).

From: Group Study <gs_at_netengineer.org>
Date: Sat, 19 Feb 2011 12:42:01 -0500

Does it matter if the outside interface has an IPSec policy and that
the global next hop is the other end of the VPN tunnel? And the route
back is actually a connected route...

VRF X(192.168.2.x/24) ----Fa0/0---R1---F1/1(IPsec 172.16.1.1) -----
"cloud" ---- F1/1(IPSec 172.16.1.2)---R2---F0/0(192.168.1.0/24)

Trying to get the VRF X subnet to talk to the 192.168.1.0/24 on R2's LAN
interface...

So on R1:
ip route vrf X 192.168.1.0 255.255.255.0 global 172.16.1.2
ip route 192.168.2.0 255.255.255.0 int F0/0 192.168.2.1

Does that seem right?

On Sat, Feb 19, 2011 at 12:27 PM, David Prall <dcp_at_dcptech.com> wrote:
> Ip route vrf XXXX y.y.y.y z.z.z.z global
> Ip route v.v.v.v z.z.z.z int XXXX v.v.v.1
>
> --
> http://dcp.dcptech.com
>
>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Group Study
>> Sent: Saturday, February 19, 2011 12:09 PM
>> To: Cisco certification
>> Subject: VRF Lite (inside) and IPSec (outside).
>>
>> Hi,
>>
>> If I wanted to have VRF lite on the "inside" of a router and IPSec VPN
>> on the "outside" (WAN) and route leak between the 2, could that be
>> done?
>>
>> I'm trying to figure out how to do it on another vendor's equipment
>> that supports VRFs, IPsec, and static routes from a VRF to the public
>> table but was wondering if anyone's had experience doing this.
>>
>> Thanks.
>>
>>
>> Blogs and organic groups at http://www.ccie.net

Received on Sat Feb 19 2011 - 12:42:01 ART
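
A small model of the two lookups that the thread's static routes set up on R1, added here as an example and not part of the original posts. The /30 on the outside link and the IPsec selector are assumptions, and it assumes policy-based IPsec in which only traffic matching a selector is encrypted.

```python
import ipaddress as ip

# Constructed model of R1; prefixes are the poster's, the /30 on the
# outside link and the IPsec selector are assumptions (not in the thread).
ROUTES = {
    "X": [  # (prefix, egress interface or None, next hop or None)
        ("192.168.2.0/24", "Fa0/0", None),           # connected inside VRF X
        ("192.168.1.0/24", None, "172.16.1.2"),      # "... global 172.16.1.2"
    ],
    "global": [
        ("172.16.1.0/30", "F1/1", None),             # connected outside link
        ("192.168.2.0/24", "Fa0/0", "192.168.2.1"),  # return route to the VRF interface
    ],
}
SELECTORS = [("192.168.2.0/24", "192.168.1.0/24")]   # assumed policy on F1/1


def lookup(table, dst):
    """Longest-prefix match; a route without an interface resolves its
    next hop in the global table, as the 'global' keyword requests."""
    addr = ip.ip_address(dst)
    hits = [r for r in ROUTES[table] if addr in ip.ip_network(r[0])]
    if not hits:
        return None
    _, iface, nh = max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen)
    return iface if iface else lookup("global", nh)


def disposition(table, src, dst, selectors=SELECTORS):
    """Egress interface plus whether the flow matches an IPsec selector."""
    iface = lookup(table, dst)
    if iface is None:
        return ("drop", None)
    if iface != "F1/1":
        return (iface, "n/a")
    s, d = ip.ip_address(src), ip.ip_address(dst)
    hit = any(s in ip.ip_network(a) and d in ip.ip_network(b)
              for a, b in selectors)
    return (iface, "protected" if hit else "unprotected")


if __name__ == "__main__":
    print(disposition("X", "192.168.2.10", "192.168.1.10"))  # VRF -> R2 LAN
    print(lookup("global", "192.168.2.10"))                  # return path
```

The second result of `disposition` is the thing to check on real equipment: a leaked flow that reaches the outside interface without matching the IPsec selector would leave unencrypted under the stated assumption.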

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART