[c-nsp] Multiple VRFs over site-to-site VPN? Possible?

Jeff Kell jeff-kell at utc.edu
Tue Feb 1 18:20:06 EST 2011


Ran across a new requirement where we would like to extend our campus standard multi-VRF
"routed building" out to a remote site over the public Internet.

Absent the ideal MPLS or multiple-vlan Metro-E, can you do this site-to-site over a pair
of ASAs?

Ideally it would be something along the lines of:

VRF A vlan 123-->                 
VRF B vlan 456-->(terminating on ---> Site ASA ----> Campus ASA ----> Campus PE (VRF A/B/C)
VRF C vlan 789-->  3560/3750 CE)

Perhaps in simpler terms, bringing the 3 VRF vlans across the wire onto similar VRF
vlans on the campus side.

On-campus we just run a dot1Q trunk with a vlan for each VRF from CE to PE.

Can you trunk them into the ASA and do separate tunnels over the public IP endpoints,
dropping them on separate vlans on the other end?

Without meshing the routing / crossing the streams with respect to the VRFs?

Jeff


