RE: VRF Lite (inside) and IPSec (outside). from David Prall on 2011-02-19 (Ccielab archives 02/2011)

From: David Prall <dcp_at_dcptech.com>
Date: Sat, 19 Feb 2011 13:04:51 -0500

Haven't done this in a while so it is all off the top of my head. So you'll
have to test and confirm.

David

--
http://dcp.dcptech.com
> -----Original Message-----
> From: Group Study [mailto:gs_at_netengineer.org]
> Sent: Saturday, February 19, 2011 12:42 PM
> To: David Prall
> Cc: Cisco certification
> Subject: Re: VRF Lite (inside) and IPSec (outside).
> 
> Does it matter if the outside interface has an IPSec policy and that
> the global next hop is the other end of the vpn tunnel? And the route
> back is actually a connected route...
> 
> 
> VRF X(192.168.2.x/24) ----Fa0/0---R1---F1/1(IPsec 172.16.1.1) -----
> "cloud" ---- F1/1(IPSec 172.16.1.2)---R2---F0/0(192.168.1.0/24)
> 
> 
> trying to get VRF X subnet to talk to the 192.168.1.0/24 on R2's lan
> interface...
> 
> So on R1:
> ip route vrf X 192.168.1.0 255.255.255.0 global 172.16.1.2
> ip route 192.168.2.0 255.255.255.0 int F0/0 192.168.2.1
> 
> Does that seem right?
> 
> 
> On Sat, Feb 19, 2011 at 12:27 PM, David Prall <dcp_at_dcptech.com> wrote:
> > Ip route vrf XXXX y.y.y.y z.z.z.z global
> > Ip route v.v.v.v z.z.z.z int XXXX v.v.v.1
> >
> > --
> > http://dcp.dcptech.com
> >
> >
> >> -----Original Message-----
> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> Of
> >> Group Study
> >> Sent: Saturday, February 19, 2011 12:09 PM
> >> To: Cisco certification
> >> Subject: VRF Lite (inside) and IPSec (outside).
> >>
> >> Hi,
> >>
> >> If I wanted to have VRF lite on the "inside" of a router and IPSec
> VPN
> >> on the "outside" (wan) and route leak between the 2. Could that be
> >> done?
> >>
> >> I'm trying to figure out how to do it on another vendor's equipment
> >> that supports vrfs, ipsec, and static routes from a vrf to the
> public
> >> table but was wondering if anyone's had experience doing this.
> >>
> >> Thanks.
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >>
> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sat Feb 19 2011 - 13:04:51 ART

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART