Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Sourced Based VRFs and IPSEC

Hi All,

I have 2 questions.

1) Does Cisco Router 7600 with SUP720 3BXL supports VRF Selection based on Source IP Address [Layer 3 VPNs]?

2) We have various clients reaching a Router and we want to forward them to a their company's VRFs, based on their source address (Given by Radius or Statically). Now, Ideally, we want to give to the customer's H.Q. the option to connect to this router using Leased Lines (or Frame Relays) or by using IPSEC (over the internet). Is this possible? Can traffic from an access server arrive to an interface and based on the source, the user will be either forwarded to a VRF or an IPSEC?



Cisco Employee

Re: Sourced Based VRFs and IPSEC

1) This feature is not currently available on the 7600.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600

Re: Sourced Based VRFs and IPSEC


a solution to xour problem could be to have a VRF aware access server and place the customers into their respective VRF right away (the feature is called Multi-VRF aka VRF-lite). IPSec and Dialer interfaces are possible. Based on authentication you could define the VRF and by having a dot1Q trunk to the 7600 which operates as the MPLS PE.

A second option is to have the trunk to the 7600, VLANs in different VRFs and to do PBR into different VLANs on the CE router/access server.

Hope this helps! please rate all posts.

Regards, Martin

New Member

Re: Sourced Based VRFs and IPSEC

Well the problem is that the access-server is not under our Administration Control.

CreatePlease to create content