[c-nsp] Design - gre+ipsec+vpnsm+fwsm+vrf

Ge Moua moua0100 at umn.edu
Thu Mar 8 14:21:43 EST 2007


We are doing something very similar to what you described for your situation.  See
attached file. 



:-)
Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Szilard Csordas
Sent: Thursday, March 08, 2007 12:20 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Design - gre+ipsec+vpnsm+fwsm+vrf

Hello,

We are in a quite complex situation and as always we don't have a real lab
to test it.
We did the design on paper but I am not sure if it works.

65k, sup720+FW+vpn spa. Let's say it has 2 sides, left and the right.
If I terminate a GRE+IPSec tunnel (tunnel protection) on the right side, I
want the traffic to flow through the firewall module (routed or transparent)
and to push that traffic into the other GRE+IPsec tunnel on the left side.
Is that possible with one box or do I have to split the functions to more
devices?

To complicate matters further, what happens if I want those Tunnel interfaces
to be in the VRFs (no mpls)?

Any advice is appreciated.

thanks,
Szilard