[c-nsp] Multiple VRFs over site-to-site VPN? Possible?
Ge Moua
moua0100 at umn.edu
Tue Feb 1 19:08:17 EST 2011
We are doing a similar setup with L2TPv3 inside VRF-aware IPsec (on
IOS); my preference would be to do this with EoMPLS/AToM (again on IOS),
which also maintains the VLAN/MPLS VRF integrity. Of course this doesn't
answer your question about doing this on the ASA; I'd be interested too in
knowing how you'd solve this with an ASA setup (as a mental exercise).
--
Regards,
Ge Moua
Network Design Engineer
University of Minnesota | OIT - NTS
--
On 2/1/11 5:20 PM, Jeff Kell wrote:
> Ran across a new requirement where we would like to extend our campus standard multi-VRF
> "routed building" out to a remote site over the public Internet.
>
> Absent the ideal MPLS or multiple-vlan Metro-E, can you do this site-to-site over a pair
> of ASAs?
>
> Ideally it would be something along the lines of:
>
> VRF A vlan 123-->
> VRF B vlan 456-->(terminating on ---> Site ASA ----> Campus ASA ----> Campus PE (VRF A/B/C)
> VRF C vlan 789--> 3560/3750 CE)
>
> Perhaps in simpler terms, bringing the 3 VRF vlans across the wire onto similar VRF
> vlans on the campus side.
>
> On-campus we just run a dot1Q trunk with a vlan for each VRF from CE to PE.
>
> Can you trunk them into the ASA and do separate tunnels over the public IP endpoints,
> dropping them on separate vlans on the other end?
>
> Without meshing the routing / crossing the streams with respect to the VRFs?
>
> Jeff