07-28-2010 03:49 AM
We have a few sites that only have 2-5 people at them that we would like to extend our MPLS/ VRF's to. Today we are using a nailed up VPN to an ASA with static routes pointing back to them.
Perfect world would be to have a router at the remote side running MPLS building an Easy VPN tunnel back to the ASA over the Internet and MPLS working through that. Most of these sites have dynamic IP's or are behind a NAT router at remote location so having static IP's wouldn't be feasible.
Has anyone done this before?
07-28-2010 09:41 AM
Hi Charles ,
As per your senario you have internet connection in remote location & you want to connect through Easy VPN & also want to run MPLS .
But i am not clear that exactly what you are looking for , there are to many option to connect remote locaiton to central locaiton over internet.
Why you want to run MPLS for Branch location.
Simply you can have DMVPN for all remote location. ( Good when you don't have static IP & Easy to implement ).
Regards
Chetan Kumar
07-28-2010 07:43 PM
We have many VRF's on campus that we would like to extend to these locations, such as VOIP, management, etc.
The reason we were looking at Easy VPN was because we already have ASA's setup and configured and were hoping it would be a no brainer.
We could utilize another router to terminate these connections onto.
Thanks in advance.
07-29-2010 02:31 PM
Hi Charles,
To run MPLS /VRF over the internet is not an issue. To do that you just need to have an connectivity between the HUB & SPOKE router .
and that you can get over internet using below option.
1] DMVPN
2] VPDN
3] GRE over VPN
3] Easy VPN
or etc .
But to run MPLS VRF you need that much of VRF interface at Spoke locaiton & that you can get by above option .
Reagrds
Chetan Kumar
08-03-2010 06:22 AM
Hi,
VRF aware IPSec is what you nee, see http://www.cisco.com/en/US/partner/docs/ios/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec.html
Bo
08-03-2010 06:24 AM
fobidden... partners only.
08-03-2010 06:27 AM
oops, I must have posted the link when I was logged in. Anyway, just do a search using "vrf aware ipsec", then you'll get the public link
-Bo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide