[c-nsp] VRF Design Question
Gerald Krause
gk at ax.tc
Fri Jan 27 13:02:50 EST 2006
Hi folks.
My Setup:
       : VPDN-DIAL-USER
       :
   [c7200] r1
       | some off. IP
       |
       |
  (...INET...)
       |
       |
       | some off. IP
   [c2600] r2
       | RFC1918 IP / CUSTOMERS LAN
       |
      ...
My goal is to establish a kind of VPN between some dial users (not
all) and a remote branch in a different location. I imagine something
like this:
 o GRE Tunnel0 between r1/r2
 o User1 dials in on r1
   -> creating Virtual-Interface-1 (Vi1) on r1 for User1 via AAA/RADIUS
 o if User1 belongs to a certain customer or group then route all traffic
   from Vi1 towards Tunnel0 to r2 - otherwise give him normal/direct
   Internet access
Furthermore Tunnel0 and the mentioned certain Vi's should also be
protected from all other traffic.
I have no practical experience with VRFs at this time but all the
docs I've read so far tell me implementing a VRF setup is the right
way to accomplish the stuff I want. The other option is using only
common PBR and ACLs but I'm afraid that this won't scale and is some
kind of nasty too.
Any recommendations are welcome.
-Gerald