09-22-2008 03:19 AM - edited 03-03-2019 11:38 PM
Hello
I have to configure extranets.
This has to be done for different routers (or subnets) belonging to 2 different VRFs.
Traffic from A to B has to be allowed and denied from B to A.
Could somebody advise me?
Thank you
Fred
09-22-2008 06:50 AM
Hi Fred,
You can consider doing PAT or dynamic NAT from A to B. PAT will hide your network A, so no traffic can be sent to network A from B.
HTH
Saju
Pls rate helpful posts
09-22-2008 08:45 AM
Hello Fred,
you can implement an MPLS VPN extranet solution to make communication possible between the two VRFs.
On each router belonging to VRF A you can accept TCP sessions only if already established:
access-list 123 permit tcp x.x.x.x y.y.y.y any established
access-list 123 deny tcp x.x.x.x y.y.y.y any
access-list 123 permit ip any any
int gx/y
 ip vrf forwarding VRF_A
 ip access-group 123 out
!
where x.x.x.x represents the networks of VRF B.
The extranet solution is simply the adding of the route-target import command within VRF interfaces:
ip vrf VRF_A
 route-target import
to be added
ip vrf VRF_B
 route-target import
Hope to help
Giuseppe
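
An added example, not part of the original posts: a small Python model of how ACL 123 from Giuseppe's reply is evaluated, first match wins, against constructed packets arriving from VRF B. The 10.2.0.0/16 prefix is an assumed stand-in for the x.x.x.x y.y.y.y placeholder. It shows that the established keyword only checks for the ACK or RST bit and that the ACL restricts TCP only.

```python
import ipaddress

# Constructed sample addressing (assumption): VRF B uses 10.2.0.0/16,
# standing in for the post's "x.x.x.x y.y.y.y" placeholder.
VRF_B = ipaddress.ip_network("10.2.0.0/16")

# ACL 123 from the post, in order: (action, protocol, source, established-only)
ACL_123 = [
    ("permit", "tcp", VRF_B, True),    # permit tcp <B> any established
    ("deny",   "tcp", VRF_B, False),   # deny tcp <B> any
    ("permit", "ip",  None,  False),   # permit ip any any
]

def evaluate(proto, src, tcp_flags=frozenset()):
    """Return the action of the first matching entry (first match wins)."""
    src = ipaddress.ip_address(src)
    for action, acl_proto, net, established in ACL_123:
        if acl_proto != "ip" and acl_proto != proto:
            continue
        if net is not None and src not in net:
            continue
        # 'established' is stateless: it matches any TCP segment with ACK or RST set.
        if established and not (tcp_flags & {"ACK", "RST"}):
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed packets arriving from VRF B toward a host in VRF A.
SAMPLES = [
    ("B opens TCP session to A (SYN)",       "tcp",  "10.2.1.5", {"SYN"}),
    ("B answers A's session (SYN+ACK)",      "tcp",  "10.2.1.5", {"SYN", "ACK"}),
    ("B data on A-initiated session (ACK)",  "tcp",  "10.2.1.5", {"ACK"}),
    ("B sends UDP to A",                     "udp",  "10.2.1.5", set()),
    ("B pings A (ICMP)",                     "icmp", "10.2.1.5", set()),
]

def run_samples():
    """Map each constructed packet's label to the ACL verdict."""
    return {label: evaluate(p, s, frozenset(f)) for label, p, s, f in SAMPLES}

if __name__ == "__main__":
    for label, action in run_samples().items():
        print(f"{action:6}  {label}")
```

If UDP or ICMP from B must be blocked as well, the ACL needs explicit deny entries for that traffic ahead of the final permit.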