[c-nsp] IPSec L2L tunnel - traffic from IVRF to other VRFs
Ramcharan, Vijay A
vijay.ramcharan at verizonbusiness.com
Wed Dec 24 15:40:53 EST 2008
I've read the doc at
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_vrf_aware_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027175
and, ignoring the restriction about mapping VRF-to-VRF traffic, have
tried (unsuccessfully) to circumvent this restriction.
Is it at all possible to terminate an IPSec L2L tunnel in VRF A and then
have traffic exit that VRF A to reach resources located in VRF B or
possibly the global routing table?
I naturally see the security implications of allowing traffic from
remote sites to leak across VRFs, but if it's not possible, then is there
some way of providing a "central service" type of resource to a bunch of
different sites (assume each site goes into a different VRF) which
connect to that resource via IPSec tunnels?
[Site A]---IPSec tunnel over Internet---[Hub Router--VRF A--]
                                                       |
                                                    [VRF B]
                                                       |
                                               (Central Service)
Vijay Ramcharan