05-31-2016 06:42 AM - edited 02-21-2020 08:50 PM
We currently have ASR1002-X's configure with GETVPN applied to the WAN interface within the Global RIB, is it possible to apply IPsec tunnels to interfaces residing in a another VRF?
The IPsec encrypted interface would be a sub-interface on the same physical interface as GTEVPN i.e.
Interface Ten 0/1/0.100 using GETVPN
Interface Ten 0/1/0.200 using IPsec
06-06-2016 06:19 AM
hmdavies,
I don't foresee any issues with this. If everything is in a unique VRF, all of our traffic and crypto processes should be segregated and should not cause any conflicts. Did you have a proposed config snippet you can share?
HTH,
Frank
06-07-2016 06:09 AM
many thanks for your feedback, no configs yet as this is at the concept stage at present
Regards
Howard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide