Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1735
Views
0
Helpful
1
Replies

Import/Exporting iVRF routes in IPsec iVRF/FVRF environment

mmelbourne
Level 5
Level 5

‎04-05-2012 04:54 AM

Hi,

I am currently terminating a number of IPsec VPNs into customers' 'inside' VRFs (iVRFs) with the 'classic' crypto-map applied in a separate Front-Door VRF (FVRF) on an ASR1k. I now want to export a VPN route from one iVRF into another VRF using MP-BGP. This works as expected in as far as the VPN prefix makes it into the BGP table, but not into the RIB - it would appear that this may be by design and a route with a next-hop in the FVRF (i.e. the VPN RRI route) cannot be exported from the VRF and imported into another VRF. Is there any workaround for this; the only one solution which looks like it might work is to import/export these routes using another VRF and back-to-back VASI interfaces, using ordinary BGP to leak routes. Another possible solution is also to use sVTIs instead of classic crypto (thus avoiding the RRI route), but this doesn't address the need to support classic crypto.

Cheers,

Matt

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Drake22x
Level 1
Level 1

‎10-03-2017 09:15 AM

Sorry to resurrect this, but I am having this exact problem, and wondering if you ever found a solution to this? I have managed to achieve connectivity over a GRE Tunnel, but standard IPSEC vpn still puzzles me.
0 Helpful
Customers Also Viewed These Support Documents