[c-nsp] Multiple VRFs over site-to-site VPN? Possible?
John Kougoulos
koug at intracom.gr
Thu Feb 3 10:19:32 EST 2011
Hello,
On Thu, 3 Feb 2011, Ge Moua wrote:
> If there were ISR on both ends then I'd just do vrf-aware IPSec and plumb
> L2TPv3 inside of this to transport the vlan; of course this doesn't answer
> the original question of doing this with ASA.
>>
>> I believe that you can use ASA for the IPsec part and create GRE tunnels
>> between the PE and CE (one for each VRF). You would need though something
>> like ISR on both ends or switches that support GRE in hardware, so
>> 3560/3750 should change.
>>
I agree with you, it's just another option. GRE would give the ability to
use e.g. 65xx as PE and also use e.g. "ip tcp adjust-mss" on the Tunnel
interface; I don't know how this is handled with L2TPv3.

Of course I've assumed that the CE routes the VLANs on each VRF at the
remote site...
Regards,
John