Cisco Support Community

Internet Connectivity for Multi - vrfs

Hi all,

Some help needed with the scenario below:

I am currently migrating our legacy IP network to MPLS. We have been able to migrate 3 separate networks into their respective VRFs and are currently only left with the internet segment, which used to connect to these 3 networks via a Cisco 535 firewall.

Problem is, I have created an internet VRF and intend to export a default route within the internet VRF into the other VRFs, which should work fine for traffic leaving these networks to the internet.

Problem is: how to handle traffic coming from the internet to these respective VRFs without having to import those routes into the internet VRF?

Why do I want this? Currently inter-VRF traffic is via a FWSM only and I would like to keep it that way. No leaking of routes from one VRF to the other. If I do import the 3 VRFs into the internet VRF, it will leak one VRF route to the other!

Any help?

1 REPLY

Re: Internet Connectivity for Multi - vrfs

Well,

one way would be to create a VLAN subinterface per VRF in the PIX. This way all traffic to the internet would be directed towards the firewall and there you could easily control/block inter-VRF traffic.

Or you create one internet interface in the FWSM and control access there.

Regards, Martin
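
A sketch of the PE side of the first suggestion in the reply above, added here as an illustration and not taken from the thread: one 802.1Q subinterface per VRF on a trunk toward the firewall, with each VRF carrying its own default route to the firewall instead of importing anything from another VRF. VRF names, VLAN IDs, interface names, the AS number, RDs and addresses are all assumptions.

```cisco
! Constructed example: every name, VLAN ID, RD and address is an assumption.
! Each VRF imports and exports only its own route-target, so no VRF
! ever holds another VRF's routes.
ip vrf NET-A
 rd 65000:101
 route-target both 65000:101
!
ip vrf NET-B
 rd 65000:102
 route-target both 65000:102
!
ip vrf NET-C
 rd 65000:103
 route-target both 65000:103
!
interface GigabitEthernet0/1
 description 802.1Q trunk to firewall
 no ip address
!
! One subinterface per VRF; the firewall has a matching VLAN interface
! for each, so it sees which VRF every packet came from.
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip vrf forwarding NET-A
 ip address 10.255.101.1 255.255.255.252
!
interface GigabitEthernet0/1.102
 encapsulation dot1Q 102
 ip vrf forwarding NET-B
 ip address 10.255.102.1 255.255.255.252
!
interface GigabitEthernet0/1.103
 encapsulation dot1Q 103
 ip vrf forwarding NET-C
 ip address 10.255.103.1 255.255.255.252
!
! Per-VRF default route pointing at the firewall on that VRF's VLAN.
ip route vrf NET-A 0.0.0.0 0.0.0.0 10.255.101.2
ip route vrf NET-B 0.0.0.0 0.0.0.0 10.255.102.2
ip route vrf NET-C 0.0.0.0 0.0.0.0 10.255.103.2
!
! Advertise each default to the other PEs inside its own VRF only.
router bgp 65000
 address-family ipv4 vrf NET-A
  network 0.0.0.0
 address-family ipv4 vrf NET-B
  network 0.0.0.0
 address-family ipv4 vrf NET-C
  network 0.0.0.0
```

With this layout the firewall needs a return route per VLAN for each VRF's prefixes, and its rule set becomes the only place where internet-to-VRF or VRF-to-VRF traffic can be permitted.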
