Cisco Support Community

New Member

Extranet/ prefixlist

Hello

I have to configure extranets.

This has to be done for different routers (or subnets) belonging to 2 different VRFs.

Traffic from A to B has to be allowed and denied from B to A.

Could somebody advise me?

Thank you

Fred

2 REPLIES
Silver

Re: Extranet/ prefixlist

Hi Fred,

You can consider doing PAT or dynamic NAT from A to B. PAT will hide your network A. So no traffic can be sent to network A from B.

HTH

Saju

Pls rate helpful posts

Hall of Fame Super Silver

Re: Extranet/ prefixlist

Hello Fred,

You can implement an MPLS VPN extranet solution to make communication possible between the two VRFs.

On each router belonging to VRF A you can accept TCP sessions only if already established:

access-list 123 permit tcp x.x.x.x y.y.y.y any established
access-list 123 deny tcp x.x.x.x y.y.y.y any
access-list 123 permit ip any any
int gx/y
 ip vrf forwarding VRF_A
 ip access-group 123 out
!

where x.x.x.x represents the networks of VRF B.

The extranet solution is simply the adding of the route-target import command within VRF interfaces:

ip vrf VRF_A
 route-target import

to be added

ip vrf VRF_B
 route-target import

Hope to help

Giuseppe
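
Added example, not part of the original post: a small first-match evaluator for access-list 123 as written in the reply above, run over constructed packets from VRF B, to show what the ACL lets through towards VRF A. The 10.2.0.0/16 network standing in for "x.x.x.x y.y.y.y" and all sample packets are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for "x.x.x.x y.y.y.y" (the VRF B networks); not from the post.
VRF_B = ipaddress.ip_network("10.2.0.0/16")

# access-list 123 from the reply: (action, protocol, source network, established-only)
ACL_123 = [
    ("permit", "tcp", VRF_B, True),   # permit tcp <B> any established
    ("deny",   "tcp", VRF_B, False),  # deny tcp <B> any
    ("permit", "ip",  None,  False),  # permit ip any any
]

def evaluate(acl, proto, src, tcp_flags=frozenset()):
    """Return (action, matching ACL line) using first-match semantics."""
    src_ip = ipaddress.ip_address(src)
    for line, (action, acl_proto, net, established) in enumerate(acl, 1):
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every protocol, "tcp" only TCP
        if net is not None and src_ip not in net:
            continue
        # "established" is stateless: it matches any TCP segment with ACK or RST set
        if established and not (tcp_flags & {"ACK", "RST"}):
            continue
        return action, line
    return "deny", 0  # implicit deny at the end of every ACL

# Constructed packets sourced from VRF B, leaving the interface towards VRF A hosts
SAMPLES = {
    "B opens TCP session (SYN)":       ("tcp",  "10.2.1.5", frozenset({"SYN"})),
    "B answers A's session (SYN+ACK)": ("tcp",  "10.2.1.5", frozenset({"SYN", "ACK"})),
    "B sends ACK with no session":     ("tcp",  "10.2.1.5", frozenset({"ACK"})),
    "B sends UDP datagram":            ("udp",  "10.2.1.5", frozenset()),
    "B sends ICMP echo":               ("icmp", "10.2.1.5", frozenset()),
}

def run():
    """Evaluate every sample packet against ACL 123."""
    return {name: evaluate(ACL_123, *pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, line) in run().items():
        print(f"{name:33} -> {action} (line {line})")
```

Only TCP session setup from B is stopped; UDP and ICMP sourced from VRF B fall through to the final permit, so blocking all B-initiated traffic needs explicit deny entries for those protocols or a stateful filter.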
