[c-nsp] Multiple VRFs over site-to-site VPN? Possible?
Pavel Skovajsa
pavel.skovajsa at gmail.com
Thu Feb 3 09:16:22 EST 2011
I have seen a similar idea, using MPLS inside DMVPN - see Ivan's blog
http://blog.ioshints.info/2011/02/end-to-end-qos-marking-in-mplsvpn-over.html
<http://blog.ioshints.info/2011/02/end-to-end-qos-marking-in-mplsvpn-over.html>But
you would need ISR for this, DMVPN (and MPLS) is not possible on ASA.
-pavel
On Wed, Feb 2, 2011 at 12:20 AM, Jeff Kell <jeff-kell at utc.edu> wrote:
> Ran across a new requirement where we would like to extend our campus
> standard multi-VRF
> "routed building" out to a remote site over the public Internet.
>
> Absent the ideal MPLS or multiple-vlan Metro-E, can you do this
> site-to-site over a pair
> of ASAs?
>
> Ideally it would be something along the lines of:
>
> VRF A vlan 123-->
> VRF B vlan 456-->(terminating on ---> Site ASA ----> Campus ASA ---->
> Campus PE (VRF A/B/C)
> VRF C vlan 789--> 3560/3750 CE)
>
> Perhaps in simpler terms, bringing the 3 VRF vlans across the wire onto
> similar VRF
> vlans on the campus side.
>
> On-campus we just run a dot1Q trunk with a vlan for each VRF from CE to PE.
>
> Can you trunk them into the ASA and do separate tunnels over the public IP
> endpoints,
> dropping them on separate vlans on the other end?
>
> Without meshing the routing / crossing the streams with respect to the
> VRFs?
>
> Jeff
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list