Hi - Please can anyone confirm if the following MPLS scenario is feasible.
I wish to have a number of sites (each in a different VRF) managed via a Firewall at a central site.
The proposal is for the central site CE to have each VRF passed to it via subinterfaces from the PE (no Multi-VRF CE implementation available). Each VRF is then offloaded to a second LAN interface where an external Firewall is attached which will restrict which remote sites can see who.
If the above scenario is possible are there any documents/design guidelines anywhere which show how the VRF's can be mapped to the Firewall i.e. dot1q trunk from the CE.
when the traffic will come it is the vpnv4 traffic but when forwarded to the firewall it should have the ip traffic and for reverese you need to provide the route. I have imlemented with FWSM in 7600. Kindly tell me are u also looking for the same.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...