
Extranet/ prefixlist

fab5freddy
Level 1

Hello

I have to configure extranets.

This has to be done for different routers (or subnets) belonging to 2 different VRFs.

Traffic from A to B has to be allowed and denied from B to A.

Could somebody advise me?

Thank you

Fred

2 Replies

singhsaju
Level 4

Hi Fred,

You can consider doing PAT or dynamic NAT from A to B. PAT will hide your network A. So no traffic can be sent to network A from B.

HTH

Saju

Pls rate helpful posts

Giuseppe Larosa
Hall of Fame

Hello Fred,

You can implement an MPLS VPN extranet solution to make communication possible between the two VRFs.

On each router belonging to VRF A you can accept TCP sessions only if already established:

access-list 123 permit tcp x.x.x.x y.y.y.y any established
access-list 123 deny tcp x.x.x.x y.y.y.y any
access-list 123 permit ip any any
int gx/y
 ip vrf forwarding VRF_A
 ip access-group 123 out
!

where x.x.x.x represents the networks of VRF B.

The extranet solution is simply the adding of the route-target import command within VRF interfaces:

ip vrf VRF_A
 route-target import

to be added

ip vrf VRF_B
 route-target import

Hope to help

Giuseppe
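
The first-match behaviour of ACL 123 from the reply above, as an added example that is not part of the original posts: it evaluates constructed packets leaving the VRF_A interface and shows that only TCP sessions opened from B are dropped, while UDP and ICMP from B still match the final permit ip any any. The prefix 10.2.0.0/16 is an assumed placeholder for the VRF B networks (x.x.x.x y.y.y.y).

```python
# Added example: first-match evaluation of the three-line ACL 123 from the reply.
# Addresses are constructed; 10.2.0.0/16 stands in for "x.x.x.x y.y.y.y" (VRF B).
from ipaddress import ip_address, ip_network

VRF_B = ip_network("10.2.0.0/16")   # assumption: placeholder for VRF B prefixes

# (action, protocol, source network or None for "any", requires "established")
ACL_123 = [
    ("permit", "tcp", VRF_B, True),    # permit tcp <B> any established
    ("deny",   "tcp", VRF_B, False),   # deny tcp <B> any
    ("permit", "ip",  None,  False),   # permit ip any any
]

def is_established(flags):
    """IOS 'established' matches TCP segments with ACK or RST set (stateless)."""
    return bool({"ACK", "RST"} & set(flags))

def evaluate(proto, src, flags=()):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, acl_proto, net, need_est in ACL_123:
        if acl_proto != "ip" and acl_proto != proto:
            continue                   # "ip" matches every IP protocol
        if net is not None and ip_address(src) not in net:
            continue
        if need_est and not is_established(flags):
            continue
        return action
    return "deny"

# Constructed packets seen in the "out" direction on the VRF_A interface
SAMPLES = [
    ("B opens TCP to A (SYN)",          "tcp",  "10.2.1.5",  ("SYN",)),
    ("B answers A's session (SYN+ACK)", "tcp",  "10.2.1.5",  ("SYN", "ACK")),
    ("B data on A's session (ACK)",     "tcp",  "10.2.1.5",  ("ACK",)),
    ("B sends UDP to A",                "udp",  "10.2.1.5",  ()),
    ("B pings A",                       "icmp", "10.2.1.5",  ()),
    ("other source opens TCP to A",     "tcp",  "192.0.2.9", ("SYN",)),
]

def run():
    """Map each sample description to the ACL verdict."""
    return {label: evaluate(p, s, f) for label, p, s, f in SAMPLES}

if __name__ == "__main__":
    for label, verdict in run().items():
        print(f"{verdict:6}  {label}")
```

Because `established` is a stateless test of the ACK/RST bits, the ACL does not track which sessions A actually opened.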
