[c-nsp] IPSEC Remote access to MPLS VPN
Jeff Kell
jeff-kell at utc.edu
Wed Feb 15 11:18:54 EST 2012
On 2/15/2012 3:09 AM, ar wrote:
> I would like to setup a remote access IPSEC/SSL VPN then maps to MPLS VPN/VRFs.
> I'm thinking of using 7206VXR as the concentrator/PE for this.
> Remote clients will use cisco/microsoft vpn clients.
> Site-to-site vpn will be supported too.
I'm sure there are numerous 7206 options...
At the Catalyst level (6500/7600) we have used ASAs to terminate
different VPN profiles, and point the default inside gateway to a 6500
SVI interface configured for "VRF Selection using Policy-Based
Routing". The SVI is configured as "ip vrf receive <vrfname>" for each
VRF you have a VPN profile. You then use policy-based routing to
"match" the traffic by profile, and "set VRF / set global" accordingly.
The ASA essentially has no clue about the VRFs, the 6500 does the split.
For site-to-site, you need a similar "split" on the other end, if you
are running more than one VRF over the link.
Jeff
More information about the cisco-nsp
mailing list