VRF routing question/issue

Andrew Cormier · ‎12-12-2012

Hi,

I almost have it all working but.. not quite.

I have set up a guest vlan in our office.. we are routing it out to the internet through our data center. I think that is actuall working.

Here is the topology

Guest-->access switch --> core stack --> VRF over the fibre lan extension --> core stack (datacenter) --> Checkpoint FW --> GOOGLE (for example)

All that actually works. If I were sniffing google I would see the requests and respond. That is where it doesnt work

Google--> Checkpoint FW -->Core Stack datacenter -->POOF .. timeout.

A traceroute to the guest from the firewall itself shows the first hop is the non-vrf address of the datacenter stack.

So now I am stuck. How should the firewall be routing packets back to the VRF?

Reza Sharifi · ‎12-12-2012

Hi,

What protocol (if any) are you running inside the vrf?

Have you defined the vrf with rd and rt in all your devices?

ip vrf guest

rd:100:100

route-target both 10:10

HTH

Andrew Cormier · ‎12-13-2012

I have not set rd or rt.

I will try and let you know

Andrew Cormier · ‎12-13-2012

I added those lines to both VRFs but no joy.

I read up on route dist /and route -targeing and it didnt seem to apply to my example.

any other thoughts?

Reza Sharifi · ‎12-13-2012

what devices are layer-2 and what devices are layer-3?

can you post your configs?