[c-nsp] IPSEC Remote access to MPLS VPN

Ge Moua moua0100 at gmail.com
Wed Feb 15 04:04:22 EST 2012


We did all of the requirements you mentioned at the Univ of Minn.

As you mentioned, the documentation is out there but not nicely in one
area of Cisco CCO land.

You're looking down the right path with vrf-aware IPSec.  We
experimented with both flavors:
* full-blown mpls/bgp/vrf (6VPE / 4VPE)
* vrf-lite

In the end we thought doing the vrf-lite option then mapping these to
6VPE / 4VPE mpls-bgp provided the best options for functionality &
config flexibility:
* well defined front-door vrf to inside-vrf mapping (native ip)
* native ip termination for front-door vrf (vs. 6vpe / 4vpe will be
ldp/mpls at front-door vrf & limited to default table unless you start
dealing with complexity of route-leaking RD/RT; violated KISS in my
opinion).

Contact me off-list and I'll share config exemplars for what you are
looking for.

--
Regards,
Ge Moua

University of Minnesota Alumnus
Email: moua0100 at umn.edu
--


On 2/15/12 2:09 AM, ar wrote:
> Hi Guys.
>
> I would like to set up a remote access IPSEC/SSL VPN that then maps to MPLS VPN/VRFs.
> I'm thinking of using 7206VXR as the concentrator/PE for this.
> Remote clients will use cisco/microsoft vpn clients.
> Site-to-site vpn will be supported too.
>
>
> Does anyone have good documentation for configuration?
> I'm reading vrf-aware ipsec but it seems to lack more configuration options.
>
> Any comments?
>
> thanks