[c-nsp] special routing (vrf?) with Cisco 3825

Arie Vayner (avayner) avayner at cisco.com
Thu Jul 31 06:49:59 EDT 2008


Horvath,

What you are describing is Hub and Spoke VPN... As you are using it already, it should be easy to make the traffic pass the firewall. Have you discussed it with your SP?

In general, you could take a look at these links:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a008093505e.html
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_hub_spoke.html

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Horváth Szabolcs
Sent: Thursday, July 31, 2008 12:37 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] special routing (vrf?) with Cisco 3825

Hello,

We'd like to set up a special routing between remote sites.

The network looks like the following:

   <Site #1 LAN>        <Site #2 LAN>       <Site #3 LAN>
         |                    |                   |
   <  Site #1  >        <  Site #2  >       <  Site #3  >
   < CE router >        < CE router >       < CE router >
         |                    |                   |
         |                    |                   |
    /---------------------------------------------------\
    |                                                   |
    |          Service Provider's MPLS backbone         |
    |                                                   |
    \---------------------------------------------------/
                              |
                              |
                       < Central Site >
                       <   CE router  >
                              |
                       <   Firewall   >
                              |
                       < Central LAN  >


We have 4 sites over an IP VPN. All traffic is routed through the central CE router (the network is configured in "hub & spoke" mode).
Direct traffic between sites is not allowed, only through the central CE router. 

In addition, we have to pass the traffic which is going to or coming from "Site #3" through the "Firewall".

1. So the route from site #1 to site #3 should look like: 

 Site #1 LAN ---> Site #1 CE router ---> SP network ---> Central CE router ---> Firewall ---> Central CE router ---> 
   SP network ---> Site #3 CE router ---> Site #3 LAN

2. The route from site #3 to site #2 should look like:
 
 Site #3 LAN ---> Site #3 CE router ---> SP network ---> Central CE router ---> Firewall ---> Central CE router --->
   SP network ---> Site #2 CE router ---> Site #2 LAN


The Central CE router is Cisco 3825.

Can this idea be achieved with current Cisco technologies?
If yes, what is this technology called? I've read about VRF, it might help, but I'm not sure.
Could you please point out the main steps to configure this?

I have a few years of Cisco experience, mostly with LAN, but I have never ever used complex routing stuff like this.
I just need minimal info to start and I'll try to implement it. As a first step, I'm just curious whether this can be done, or whether you know a better solution to do this job.

Thanks in advance,
Szabolcs Horvath