08-21-2006 03:33 AM - edited 02-21-2020 02:35 PM
Hi
I'm wondering if it's possible to terminate an IPSec connection on a vrf interface. I've already read the documentation about VRF aware IPSec, but in that case, a few IPSec connections over the internet are split afterwards into different MPLS VPNs.
In my case it's really just building an IPSec connection from one vrf interface on a router to another interface in the same vrf on another router....
Any ideas?
cheers patrick
08-22-2006 12:12 AM
Hello Patrick,
Depending on the IOS release and platform, you can do it.
Using C7206 and C3725 and C3745 with advanced enterprise image we were able to implement in a lab environment a Dynamic Multipoint VPN in a Carrier Supporting Carrier context.
There are also some Ask the Expert sessions about network managed services that are focused on the C7600 platform.
And presentations about DMVPN in Networkers sessions are good.
Here are some notes:
DMVPN combines IPSec with multipoint GRE and, using NHRP (Next Hop Resolution Protocol, developed for ATM environments), allows for scalability and ease of maintenance of networks.
IPsec VRF aware, as you correctly point out, is a way to interconnect some remote branches via internet to an enterprise network served by an MPLS service provider.
hope to help
giuseppe
08-22-2006 03:46 AM
Hi Giuseppe....
Thanks for your reply. It was helpful. I also found some information about a feature introduced in release 13.3(7)T -> IPSec Virtual Tunnel Interface.
It would also be a nice solution to terminate different IPSec connections on different VRFs.
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b00.html
cheers
patrick
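
An added configuration example, not part of the thread or of Cisco's documentation: a static IPSec Virtual Tunnel Interface whose tunnel endpoints (`tunnel vrf`) and protected traffic (`ip vrf forwarding`) sit in the same VRF, which is the case asked about in the first post. The VRF name, route distinguisher, interface, addresses (documentation ranges), object names and key are all placeholder assumptions; the peer router mirrors this configuration with the addresses swapped.

```cisco
! Assumed VRF; name and RD are placeholders
ip vrf BLUE
 rd 65000:1
!
! IKE phase 1 policy; the DH groups on offer depend on the IOS release
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
!
! A global "crypto isakmp key" is only consulted for peers reached through
! the global table, so the pre-shared key is bound to the VRF with a keyring
crypto keyring KR-BLUE vrf BLUE
 pre-shared-key address 192.0.2.2 key REPLACE-WITH-REAL-KEY
!
! Match the peer as it appears in VRF BLUE and tie it to that keyring
crypto isakmp profile IKE-BLUE
 keyring KR-BLUE
 match identity address 192.0.2.2 255.255.255.255 BLUE
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VTI-BLUE
 set transform-set TS-AES
 set isakmp-profile IKE-BLUE
!
! "ip vrf forwarding" clears any existing address, so it comes before "ip address"
interface Tunnel0
 ip vrf forwarding BLUE
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 192.0.2.2
 tunnel mode ipsec ipv4
 tunnel vrf BLUE
 tunnel protection ipsec profile VTI-BLUE
!
! Traffic is encrypted only if the VRF routing table sends it into the tunnel
! (203.0.113.0/24 stands in for the remote site's prefix)
ip route vrf BLUE 203.0.113.0 255.255.255.0 Tunnel0
```

After both ends are configured, `show crypto session` and `show ip route vrf BLUE` confirm that the security association is up and that the protected prefix is routed through `Tunnel0` rather than the physical interface, where it would leave unencrypted.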