I am working with an ASR 1006 that is used strictly for IPSEC VPN tunnels and am utilizing VRF's to segregate traffic to support instances where tunnels may be using the same IP scheme.

Occasionally, it would be beneficial to allow access to the internet for downloading drivers and such.

So far, all of the supporting documentation for internet access via VRF refers to MPLS connections.

Any help would be appreciated.

Here is how one of the tunnels is configured for TEST VRF.

vrf definition TEST
 rd 22:22
 !
 address-family ipv4
 exit-address-family
!

crypto keyring TEST
  pre-shared-key address x.x.x.x key 6 Y`J`B]Q\YFOW\HW[BWCbOf_]QTWggK\ER
!

crypto isakmp profile TEST
   vrf TEST
   keyring TEST
   match identity address x.x.x.x 255.255.255.255
!

crypto map OUTSIDE 5 ipsec-isakmp
 set peer x.x.x.x
 set transform-set ESP-AES-256-SHA
 set isakmp-profile TEST
 match address TEST

interface GigabitEthernet1/0/0
 ip address #.#.#.# 255.255.255.224
 negotiation auto
 crypto map OUTSIDE
!

interface GigabitEthernet1/0/1.22
 encapsulation dot1Q 22
 vrf forwarding TEST
 ip address 10.0.0.1 255.255.255.0
!

ip forward-protocol nd
!

ip route 0.0.0.0 0.0.0.0 #.#.#.#

ip route vrf TEST 192.168.0.0 255.255.255.0 #.#.#.# global

ip access-list standard VTY
 permit any
!

ip access-list extended TEST
 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255