09-22-2008 03:19 AM - edited 03-03-2019 11:38 PM
Hello
I have to configure extranets.
This has to be done for different routers (or subnets) belonging to 2 different VRFs.
Traffic from A to B has to be allowed and denied from B to A.
Could somebody advise me?
Thank you
Fred
09-22-2008 06:50 AM
Hi Fred,
You can consider doing PAT or dynamic NAT from A to B. PAT will hide your network A. So no traffic can be sent to network A from B.
HTH
Saju
Pls rate helpful posts
09-22-2008 08:45 AM
Hello Fred,
You can implement an MPLS VPN extranet solution to make communication possible between the two VRFs.
On each router belonging to VRF A you can accept TCP sessions only if already established:
access-list 123 permit tcp x.x.x.x y.y.y.y any established
access-list 123 deny tcp x.x.x.x y.y.y.y any
access-list 123 permit ip any any
int gx/y
 ip vrf forwarding VRF_A
 ip access-group 123 out
!
where x.x.x.x represents the networks of VRF B.
The extranet solution is simply the addition of the route-target import command within VRF interfaces:
ip vrf VRF_A
 route-target import
to be added
ip vrf VRF_B
 route-target import
Hope to help
Giuseppe
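An added example, not part of the posts above: a Python model of how access-list 123 is evaluated (first match wins), run over constructed packets. The 10.2.0.0/16 prefix for VRF B and the 10.1.0.0/16 destinations are assumptions. It shows that `established` is a stateless test on the ACK/RST bits and that the ACL enforces the one-way rule for TCP only, because UDP and ICMP from VRF B fall through to the final permit.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption): VRF B = 10.2.0.0/16, hosts in VRF A = 10.1.0.0/16.
VRF_B = ipaddress.ip_network("10.2.0.0/16")

@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

def acl_123(pkt: Packet) -> str:
    """First-match evaluation of the three entries of access-list 123."""
    from_b = ipaddress.ip_address(pkt.src) in VRF_B
    # permit tcp <VRF B> any established: matches when ACK or RST is set.
    if pkt.proto == "tcp" and from_b and pkt.flags & {"ACK", "RST"}:
        return "permit (established)"
    # deny tcp <VRF B> any: every other TCP segment from B, e.g. an initial SYN.
    if pkt.proto == "tcp" and from_b:
        return "deny"
    # permit ip any any: everything left, including non-TCP traffic from B.
    return "permit (ip any any)"

def evaluate(packets):
    """Return the ACL verdict for each packet, in order."""
    return [acl_123(p) for p in packets]

# Constructed sample traffic arriving from VRF B towards a host in VRF A.
SAMPLE = [
    Packet("tcp", "10.2.0.5", "10.1.0.9", frozenset({"SYN", "ACK"})),  # reply to a session opened from A
    Packet("tcp", "10.2.0.5", "10.1.0.9", frozenset({"SYN"})),         # new session opened from B
    Packet("udp", "10.2.0.5", "10.1.0.9"),                             # UDP from B
    Packet("icmp", "10.2.0.5", "10.1.0.9"),                            # ICMP from B
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{pkt.proto:4} {pkt.src} -> {pkt.dst} {sorted(pkt.flags)}: {verdict}")
```

If B-to-A traffic must be blocked for all protocols, the final `permit ip any any` needs explicit deny entries for the VRF B networks ahead of it, or a stateful mechanism in place of `established`.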