Showing results for 
Search instead for 
Did you mean: 

How to merge routes from a VRF into the default routing table ?

Level 1
Level 1


I need some advise on VRF Design, i'm not used to how this thing work exaclty, but I will explain you what I need to acheive.


We have 1 Head-router deserving 350 Store. On this router we have:

1 link to the internal Network

1 link to private MPLS network (Bell Canada)

1 link to the Internet

On that router, for every stores, we are running 2 GRE tunnels, 1 over the MPLS link and 1 over VPN link (used as a backup for MPLS)

My problem:

The stores VPN's source IP are dynamic, therefore we need 1 default static route to access the Internet on the Head-router. But adding this routes made the Internet access not working over the MPLS network, since once the packet are reaching the Head-router, they are routed back on the Internet Access instead of going into our internal network to finally pass through our Proxy.

What I would like to do:

Use a dedicated VRF for the static routes that will bring the VPN GRE Tunnels UP and the VPNs working, then all the traffic reaching the Head-router Tunnel's end point need to "exit" that VRF and continue using the default OSPF routing table which is on the default routing table.

How can I do this ?

Is there any way to "merge" or "switch" from one VRF te the default one on a router ?

Any other way to do it ?


3 Replies 3

Marwan ALshawi
VIP Alumni
VIP Alumni

try to do the following

create a VRF lets call it VRFA

this VRF you will use it for the Internet physical interface and the Internet default route in the branch

gassing it to the Internet interface

int fax/x

ip vrf forwarding VRFA

create a default route for this VRF

ip route vrf VPNA [next hop for your Internet ]

now for  your tunnel interface has the source interface as the physical interface above assigned to vrf VRFA

at the same time the tunnel is residing in the global routing table

as per your requirement you need the tunnel to use the Internet default route just for the tunnel establishment with the other end

there is command that you can use it for this  porous which is under the tunnel interface:

int tunnelx

tunnel vrf VRFA

in the case the tunnel will use the default route of VRFA to reach the other end of the tunnel ( for VPN)

and will use the global routing table for traffic exchange between the two tunnels

( only the tunnel source and destination will be used from VRFA vrf routing table )

if you are using ospf over th GRE i would suggest you to inject the default route from the HQ router through OSPF

router ospf 1

default-information originate always

good luck

if helpful Rate

Laurent Aubert
Cisco Employee
Cisco Employee

Hi Nicolas,

What you can do is to configure FVRF on the GRE tunnel of the hub:

1- Put the internet interface in a VRF

2- configure the default static route in this VRF as well

3- configure FVRF so IPSec will use this VRF for the remote peer VPN address lookup.

All the decrypted traffic will be routed via the default routing table.

Here is a configuration example:

Check chapter 5.



Marwan ALshawi
VIP Alumni
VIP Alumni

this is a quick test i did for the methooed i mentioned

ip vrf VRFA
rd 1:1

interface Tunnel0
ip address
ip ospf 1 area 0
tunnel source FastEthernet1/1      -- source and distenations used from vrf VRF1 routing table to get the tunnel up
tunnel destination
tunnel vrf VRFA

interface FastEthernet1/0
ip address
ip ospf 1 area 0
duplex auto
speed auto
interface FastEthernet1/1
ip vrf forwarding VRFA      -- internet interface
ip address
duplex auto
speed auto
router ospf 1

ip route vrf VRFA   ---- VRF default route

R1#show  ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is to network is subnetted, 1 subnets
C is directly connected, FastEthernet1/0 is subnetted, 1 subnets
C is directly connected, Tunnel0
O*E2 [110/1] via, 00:01:45, Tunnel0  --- this injected from the HQ in your case through OSPF over the tunnel

good luck

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card