Multiple paths through VPN SM in 6500?

mflanigan · ‎03-09-2006

I have the need to handle site-site VPN tunnels as well as VPN clients through a single VPN SM in my chassis. The Xauth and mode config client requirements conflict with the tunnel settings, so that the tunnels break whenever I add client config. The best way to handle this is with isakmp profiles, but my current SW does not support them, and it's not clear whether I can get a profile aware version in the SUP720/MSFC3 train yet. I was wondering if it would be possible to have 2 separate port/interface vlan pairs running through the SM, with separate crypto maps on each interface vlan. I would have to route the client and tunnel traffic accordingly. I think this will work, but none of the doc on the SM setup has more than one path through the SM. Any thoughts would be appreciated

a-vazquez · ‎03-15-2006

MVPN is a standards-based feature that transmits IPv4 multicast traffic across an MPLS VPN cloud. MVPN on Catalyst 6500 series switches uses the existing PFC hardware support for IPv4 multicast traffic to forward multicast traffic over VPNs at wire speeds. MVPN adds support for IPv4 multicast traffic over Layer 3 IPv4 VPNs to the existing IPv4 unicast support.

MVPN routes and forwards multicast packets for each individual VPN routing and forwarding (VRF) instance, as well as transmitting the multicast packets through VPN tunnels across the service provider backbone.

MVPN is an alternative to IP-in-IP generic route encapsulation (GRE) tunnels. GRE tunnels are not a readily scalable solution and they are limited in the granularity they provide to customers.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435615.html#wp1027177