[c-nsp] Design - gre+ipsec+vpnsm+fwsm+vrf
Ge Moua
moua0100 at umn.edu
Thu Mar 8 14:21:43 EST 2007
We are doing very similar to what you described for your situation. See
attached file.
:-)
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
2218 University Ave SE | Minneapolis, MN 55414-3029
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Szilard Csordas
Sent: Thursday, March 08, 2007 12:20 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Design - gre+ipsec+vpnsm+fwsm+vrf
Hello,
We are in a quite complex situation and as always we don't have a real lab
to test it.
We did the design on paper but I am not sure if it works.
65k, sup720+FW+vpn spa. Let's say it has 2 sides, left and the right.
If I terminate a GRE+IPSec tunnel (tunnel protection) on the right side, I
want the traffic to flow through the firewall module (routed or transparant)
and to push that traffic into the other GRE+IPsec tunnel on the left side.
Is that possible with one box or do I have to split the functions to more
devices.
To compicate matters further what happens if I want that Tunnel interfaces
to be in the VRFs (no mpls)?
Any advice is appreciated.
thanks,
Szilard
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list