Re: Multi-VRF CE -> IPSec -> MPLS network

matt.woodling · ‎02-08-2005

How do I connect a multi-VRF CE router (with VRF A and VRF B) to an MPLS network using an IPSec tunnel over the Internet? I want VRF A on the CE to route to VRF A on the MPLS network and VRF B to route to VRF B.

Basically, I want to have the remote site to work much like a T1-connected remote site, only using IPSec instead of the T1.

I can already use IPSec to route all the remote site's traffic to a single VRF on the head-end VPN router, but I can't figure out how to do more than one VRF.

Matt

mheusinger · ‎02-14-2005

Hi,

the problem might be that you need two tunnels ending at two different IPs, f.e.

interface Tunnel1

ip vrf forwarding VPN1

ip address 1.1.1.1 255.255.255.252

tunnel source 10.10.10.1

tunnel destination 10.0.0.1

!

interface Tunnel2

ip vrf forwarding VPN2

ip address 2.2.2.2 255.255.255.252

tunnel source 10.10.10.2

tunnel destination 10.0.0.2

and secure them with IPSec. There was an issue, that the tunnels couldn´t end at the same IP as they would not be working correctly.

regards

Martin