We are looking for a way to allow our customers to access the Internet, as well as to access their VPN (through the same interface). We have a 7500s MPLS backbone and we are using 7500s as access routers too.
We are thinking about encapsulating VPN traffic in an IPSec tunnel from the customer remote router to our 7500 but we don't see the way to convert IPSec VPN traffic into VPN MPLS Backbone traffic. Any idea?
Is there any way to give Internet access from a VPN without needing an 'Internet VPN'?
From what I can gather by your post, it looks like you are trying to do split tunneling. By applying access-list rules to traffic types you specify what is to be encrypted between what networks, with all the other data going off to the Internet. Hope this helps!
Thanks for your answer. Unfortunately that's not a solution for us.
That's precisely what we want to avoid. We do not want to make too many tunnels (one for VPN, another for Internet) and we do not want a tunnel fully meshed network to implement VPNs. That's the reason why we are going to use MPLS VPNs in our IP backbone.
What we are going to try is the command 'ip route vrf 0.0.0.0 0.0.0.0 global'. This command sets a default gateway, where the next hop address is in the non-VRF routing table. Then Internet traffic will be sent to this IP address, outside the VPN.
The real problem now is how to do the translation IPSec-MPLS. For the moment, the only option is to assign an interface to an MPLS VPN, but it is not possible to assign a tunnel interface to an MPLS VPN. Has anybody tried an IPSec access network with an MPLS backbone network?
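The static default route described in the post above, written out in full as an added example (not part of the original posts or any poster's configuration). The VRF name CUST-A, the RD/route-target values, the interface name and all addresses are constructed placeholders; the global return route is an assumption the post does not mention, included because reply traffic from the Internet is looked up in the global table.

```cisco
! Added example: constructed names and documentation-range addresses throughout.
! Customer VRF on the PE router (CUST-A and 65000:1 are placeholders).
ip vrf CUST-A
 rd 65000:1
 route-target both 65000:1
!
! Customer-facing interface placed in the VRF (interface name is hypothetical).
interface Serial1/0/0
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
!
! Default route inside the VRF. The "global" keyword makes the router resolve
! the next hop 198.51.100.1 in the global (non-VRF) routing table, so Internet
! traffic leaves the VPN at this PE while VPN prefixes still follow the
! VRF routes learned over the MPLS backbone.
ip route vrf CUST-A 0.0.0.0 0.0.0.0 198.51.100.1 global
!
! Return path: a global static route for the customer's public prefix pointing
! at the VRF interface. Without it, replies from the Internet have no route
! back to the customer. This only works if the customer uses globally routable
! addresses (or is NATed to them) for Internet-bound traffic.
ip route 203.0.113.0 255.255.255.0 Serial1/0/0
!
! Checks after applying:
!   show ip route vrf CUST-A      (default route should show the global next hop)
!   show ip route 203.0.113.0     (global table should point at Serial1/0/0)
```

With these two routes the VRF is reachable from the global table for the customer's public prefix, so any filtering the customer expects between their VPN and the Internet has to be applied explicitly on that path.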
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...