Re: multiple vrfs extended thru vpn with same endpoints?

Mike Schooley · ‎06-28-2011

scenario

Router1 10.100.1.1 ------------------------------------------- 10.200.1.1 Router 2

vrf1 VTI Vrf1

vrf2 vrf2

vrf3 vrf3

In theory, you could specify the tunnel vrf as vrf1,2,3, etc, then put internet interfaces in diff vrf and specify that as the tunnel vrf, each tunnel would be suing different ipsec/isakmp profile, but would have same tunnel source and destination. Will this work?

Alain Jourez · ‎07-09-2011

Hello Mike,

I am not sure I understand the question.

If the question is about having 3 different inside vrf (ivrf) carried to another site through one single VTI tunnel, with its endpoints either in the global routing table or in a different fvrf (front-door vrf) then the answer is no. The reason is that there is would be no way to distiguish to which iVRF the decapsulated traffic would belong to.

What can be done is using 3 different end-points, one for each of the iVRFs and have 3 tunnels created between those. Reusing the same source and destination IP is not an option, unless you can use 3 different front-door vrf between the 2 sites.

I hope this helps

Alain

Mike Schooley · ‎07-09-2011

more the the 2nd part.. so i have a router with a internet facing interface at both ends, with vrf1-3 at both ends and a front door vrf that includes the internet interface, if they require differnet ip's how could you do that? loopbacks? get a range of public ip's from the carrier and assign them as loopbacks?

Alain Jourez · ‎07-11-2011

Hello Mike,

Yes, loopbacks is indeed how I'd do it.

Alain