[c-nsp] Crypto map + traffic via "ip route vrf ... global"
Joe Maimon
jmaimon at ttec.com
Mon Jul 14 21:32:30 EDT 2008
Peter Rathlev wrote:
> Hi,
>
> The traffic that doesn't get encrypted comes from a VRF Lite
> subinterface on the "back" of the 7200. This VRF has a static 0/0 route
> with a global next hop, and the global table has a static route pointing
> the other way.
Sure would make things simpler if inter-vrf traffic could be configured
to appear as if it went through a logically defined interface.
On the other hand, you can actually do that manually, at the cost of
handling the packets twice, either with physical interfaces or with tunnels.
More information about the cisco-nsp
mailing list