06-28-2011 07:47 AM
scenario
Router1 10.100.1.1 ------------------------------------------- 10.200.1.1 Router 2
vrf1 VTI Vrf1
vrf2 vrf2
vrf3 vrf3
In theory, you could specify the tunnel vrf as vrf1,2,3, etc, then put internet interfaces in diff vrf and specify that as the tunnel vrf, each tunnel would be suing different ipsec/isakmp profile, but would have same tunnel source and destination. Will this work?
07-09-2011 02:33 AM
Hello Mike,
I am not sure I understand the question.
If the question is about having 3 different inside vrf (ivrf) carried to another site through one single VTI tunnel, with its endpoints either in the global routing table or in a different fvrf (front-door vrf) then the answer is no. The reason is that there is would be no way to distiguish to which iVRF the decapsulated traffic would belong to.
What can be done is using 3 different end-points, one for each of the iVRFs and have 3 tunnels created between those. Reusing the same source and destination IP is not an option, unless you can use 3 different front-door vrf between the 2 sites.
I hope this helps
Alain
07-09-2011 11:52 AM
more the the 2nd part.. so i have a router with a internet facing interface at both ends, with vrf1-3 at both ends and a front door vrf that includes the internet interface, if they require differnet ip's how could you do that? loopbacks? get a range of public ip's from the carrier and assign them as loopbacks?
07-11-2011 12:34 AM
Hello Mike,
Yes, loopbacks is indeed how I'd do it.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide