This document shows how to configure a VPN client on a Catalyst 6500 using VRF.
What is VRF?
Virtual routing and forwarding (VRF) is a technology in IP networks that allows multiple instances of a routing table to be stored in a router and to operate simultaneously. This increases functionality by enabling network paths to be divided into different segments without using multiple devices. Because of this feature, traffic is segregated automatically, without any external input from the user. It raises network security to a new level. VRF is able to eliminate the need for encryption and authentication. VRF is a boon for Internet service providers (ISPs), who implement it to create multiple separate virtual private networks (VPNs) for customers. This technology is also referred to as VPN routing and forwarding.
VRF acts as a logical router, and a router can store many routing tables. In VRF, each VPN has its own routing table. In addition, VRF needs a forwarding table that points to the designated next hop. A list of devices may be called upon to forward the packet. A set of predefined rules and routing protocols is responsible for the effective execution of packet forwarding. These tables ensure that traffic is not forwarded outside a designated VRF path and that every VRF instance remains independent, so that traffic reaches its designated destination.
The Virtual Routing and Forwarding (VRF)-Aware IPsec feature introduces IPsec tunnel mapping to Multiprotocol Label Switching (MPLS) VPNs. Using the VRF-Aware IPsec feature, you can map IPsec tunnels to VRF instances using a single public-facing address.
Hostname(config)#crypto isakmp client configuration group <group-name>
Hostname(config)#crypto isakmp profile vrf
Hostname(config)#crypto ipsec transform-set <transform-set-name> esp-3des esp-sha-hmac
Hostname(config)#crypto dynamic-map CRYPTO-DYNMAP-VRFA 10
Hostname(config)#crypto map CRYPTO-MAP-VRFA local-address interface x/y
Hostname(config)#crypto map CRYPTO-MAP-VRFA 65000 ipsec-isakmp dynamic CRYPTO-DYNMAP-VRFA
ip vrf forwarding VRFA
ip address X.X.X.X Network Mask