[c-nsp] VRF-Lite Question
Brett Frankenberger
rbf+cisco-nsp at panix.com
Tue Feb 13 15:32:43 EST 2007
On Mon, Feb 12, 2007 at 08:05:00PM -0800, Mark D. Nagel wrote:
>
> Here's a problem I've yet to solve in this scenario. The idea is to
> split a router into two VRFs, one for personal use and one for work
> use. The public interface is shared and used to build an IPSec tunnel
> terminated in the work VRF, and is also used to provide NAT and CBAC for
> the personal VRF. The rub is that you don't know the next hop address
> on the public interface since it is dynamic, usually via DHCP or PPPoE.
> I have not found a way to create the default route via the public
> interface within each of the VRFs via static routing ("ip route vrf WORK
> 0.0.0.0 0.0.0.0 DHCP" doesn't do the trick, nor can you reference the
> global DHCP gateway apparently); I imagine the only way to do it is via
> OSPF or another VRF-aware protocol. Unless someone here knows a way to
> avoid the extra complexity in this case...
Addressing just the comment about "ip route vrf ... DHCP" not working,
that's CSCsd20055, fixed in 12.4(10) and 12.4(11)T.
-- Brett
More information about the cisco-nsp
mailing list