[nsp] IPSec into VRF
Vladimir Litovka
doka at kiev.sovam.com
Thu Feb 13 18:13:14 EST 2003
Hi,
This seems to be solved by using L2TP and passing attributes from RADIUS. The config
follows. With this it is possible to use L2TP over IPSec, as described in TAC.
=============================================================================
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius
!
virtual-profile aaa
vpdn enable
!
ip vrf VRFT
 rd 12530:3
!
vpdn-group VRFTest
 accept-dialin
  protocol l2tp
 terminate-from hostname cisco-0
 local name cisco-1
=============================================================================
test@vrftest Auth-Type = Local, Password = "XXX"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Tunnel-Server-Endpoint = "X.X.X.X",
    Framed-IP-Address = 212.109.32.201,
    Framed-IP-Netmask = 255.255.255.252,
    Framed-Routing = None,
    Framed-MTU = 1500,
    Cisco-AVPair = "lcp:interface-config#1 = ip vrf forwarding VRFT",
    Cisco-AVPair = "lcp:interface-config#2 = ip address 212.109.32.202 255.255.255.252"

Vladimir Litovka wrote:
> Hello,
>
> There is an MPLS network with L3 VPNs. I need to connect mobile users
> to some of the VPNs. These users work over the Internet and traffic must be
> encrypted. One solution is to install an IPSec router (for example, a 2691
> with an AIM card), which will be connected both to the Internet and the MPLS
> backbone and will handle IPSec sessions. But there is a problem: when
> using IPSec, there isn't any user interface on the router to which I
> can apply VRF settings and connect this IPSec tunnel to the corporate VPN.
> Are there solutions for this problem?
>
> Thank you.
>
--
:r !ripewhois DOKA-RIPE
-------------------------------------------------------------------------
Never try to teach a pig to sing. It wastes your time and annoys the pig.
-- Lazarus Long, "Time Enough for Love"
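
An added example, not part of the original post and not Cisco or RADIUS-server code: a Python check for a per-user RADIUS reply like the one above, flagging entries that would leave the L2TP session outside its VRF. The function names and the sample data are constructed for illustration; the check assumes the IOS behaviour that applying `ip vrf forwarding` removes an address already set on the interface.

```python
import ipaddress
import re

# Constructed sample input: the VRF definition and reply items modelled on
# the entry in the post (names and addresses are the ones shown there).
ROUTER_CONFIG = "ip vrf VRFT\n rd 12530:3\n"
REPLY_ITEMS = [
    ("Framed-IP-Address", "212.109.32.201"),
    ("Framed-IP-Netmask", "255.255.255.252"),
    ("Cisco-AVPair", "lcp:interface-config#1 = ip vrf forwarding VRFT"),
    ("Cisco-AVPair", "lcp:interface-config#2 = ip address 212.109.32.202 255.255.255.252"),
]
AVPAIR = re.compile(r"lcp:interface-config(?:#(\d+))?\s*=\s*(.+)")

def interface_commands(items):
    """Return the lcp:interface-config commands ordered by their #N suffix."""
    cmds = []
    for name, value in items:
        m = AVPAIR.fullmatch(value.strip()) if name == "Cisco-AVPair" else None
        if m:
            cmds.append((int(m.group(1) or 0), m.group(2).strip()))
    return [c for _, c in sorted(cmds)]

def lint(items, router_config):
    """Return a list of findings for one user's reply items (hypothetical helper)."""
    findings = []
    defined = set(re.findall(r"^ip vrf (?!forwarding )(\S+)", router_config, re.M))
    cmds = interface_commands(items)
    vrf_at = [i for i, c in enumerate(cmds) if c.startswith("ip vrf forwarding ")]
    addr_at = [i for i, c in enumerate(cmds) if c.startswith("ip address ")]
    if not vrf_at:
        findings.append("no 'ip vrf forwarding': session lands in the global table")
    for i in vrf_at:
        if cmds[i].split()[3] not in defined:
            findings.append(f"VRF {cmds[i].split()[3]} not defined on the router")
    # Assumption stated in the lead-in: the VRF binding clears the interface
    # address, so 'ip address' has to come after 'ip vrf forwarding'.
    if vrf_at and addr_at and min(addr_at) < max(vrf_at):
        findings.append("'ip address' precedes 'ip vrf forwarding'")
    attrs = dict(items)  # repeated Cisco-AVPair keys collapse; only Framed-* is read
    if addr_at and "Framed-IP-Address" in attrs:
        _, _, ip, mask = cmds[addr_at[0]].split()
        net = ipaddress.ip_interface(f"{ip}/{mask}").network
        if ipaddress.ip_address(attrs["Framed-IP-Address"]) not in net:
            findings.append("Framed-IP-Address is outside the interface subnet")
    return findings
```

Calling `lint(REPLY_ITEMS, ROUTER_CONFIG)` on the entry from the post returns an empty list.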