Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
1
Replies

Internet Connectivity for Multi - vrfs

g.oridota
Level 1
Level 1

‎01-26-2007 07:13 AM

Hi all,

Some help needed with the scenario below;

Am currently migrating our legacy IP network to MPLS.we have been able to migrate 3 seperate networks into their respective vrfs and currently only left with the internet segment which used to connect to these 3 networks via a Cisco 535 firewall.

Problem is, i have created an internet vrf and intend to export a default route within the internet vrf into the other vrfs.Which should work fine for traffic leaving these networks to the internet.

Problem is : how to handle traffic comming from the internet to these respective vrfs without having to import those routes into the internet vrf?

Why do i want this ? Currently inter-vrf traffic is via a FWSM only and would like to keep it that way. No leaking of routes from one vrf to the other.If i do import the 3 vrfs into the internet vrf, it will leak one vrf route to the other !

Any help ?

Labels:
0 Helpful
1 Reply 1

mheusinger
Level 10
Level 10

‎01-26-2007 07:31 AM

Well,

one way would be to create a VLAN subinterface per VRF in the PIX. This way all traffic to the internet would be directed towards the firewall and there you could easily control/block inter-VRF traffic.

Or you create one internet interface in the FWSM and control access there.

Regards, Martin

0 Helpful
Customers Also Viewed These Support Documents