[c-nsp] GRE Tunnelling on the ME3600/ME3800 Switches ?
Saku Ytti
saku at ytti.fi
Wed Dec 28 05:56:14 EST 2011
On (2011-12-28 18:30 +1100), Reuben Farrelly wrote:
Hey,
> Is GRE tunnelling supported on this platform?
No clue, but probably possible in magic fpga.
> We've a need to run GRE tunnels for a URL filtering solution at our
> Head Office from outside the firewall, and policy routing + GRE is
> the only way this can be set up with the upstream vendor.
>
> [Pretty sure policy routing is not supported on this platform yet
> also but confirmation of this would be good as well].
Can't you do PBR+VRF? Match say destination port 80, and set vrf to say
'to-proxy', which only has default route towards proxy box. Then add static
route for the customer network like so
ip vrf from-proxy customer_net cust_int cust_nexthop
In the interface facing web-proxy import from-proxy RT and export default
route as to-proxy RT
web-proxy needs no magic support.
--
++ytti
More information about the cisco-nsp
mailing list