Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
0
Helpful
2
Replies

IPSec ttermination on VRF interface

pat1848
Level 1
Level 1

‎08-21-2006 03:33 AM - edited ‎02-21-2020 02:35 PM

Hi

I'm wondering if it's possible to terminate an IPSec connection on a vrf interface. I've already read the documentation about VRF aware IPSec, but in that case, a few IPSec connection over the internet are split afterwards into different MPLS VPN's.

In my case it's really just building a IPSec connection from one vrf interface on a router to another interface in the same vrf on another router....

any ideas?

cheers patrick

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-22-2006 12:12 AM

Hello Patrick,

depending on the ios release and platforms you can do it.

Using C7206 and C3725 and C3745 with advanced enterprise image we were able to implement in a lab environment a Dynamic multipoint VPN in a Carrier Supporting Carrier context.

There also some Ask the expert about network managed services that are focused on the C7600 platform.

And presentations about DMVPN in Networkers sessions are good.

There are some notes:

DMVPN combines IPSec with multipoint GRE and using NHRP (Next Hop Resolution Protocol developed for ATM environments) allows for scalability and easy of maintenance of networks.

IPsec VRF aware, as you correctly point out, is a way to interconnect some remote branches via internet to an enterprise network served by an MPLS service provider

hope to help

giuseppe

0 Helpful

pat1848
Level 1
Level 1
In response to Giuseppe Larosa

‎08-22-2006 03:46 AM

Hi Giuseppe....

Thanks for your replay. Was helpful. I also found some information about a feature introduced in release 13.3(7)T -> IPSec Virtual Tunnel Interface.

Would also be a nice solution to terminate different IPSec connections on different VRF's.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b00.html

cheers

patrick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents