Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1296
Views
0
Helpful
0
Replies

vrf and GRE DMVPN tunnel - one host ip

b.schlegel
Level 1
Level 1

‎11-09-2011 10:24 AM - edited ‎03-04-2019 02:13 PM

- I have one Cisco 1841 router with one interface on the private side using subinterfaces using tagging, public side just has a public ip on it.  This is terminating the DMVPN tunnel (host).  The DMVPN tunnel is up, I can get acrross it no problem without any VRF applied.

- I have one Cisco 871 DMVPN spoke, tunnel is up I can pass traffic so my VPN logic is good, no VRF applied.

So what I am trying to achieve by applying VRF.

     - I want to use multiple VRF's to deal with overlapping remote DMVPN networks terminated on this one Cisco 1841 router

     - I only want to introduce one host ip to reserve network space to both the global routing tables and the VRF (not the whole interface)

I was able to add a VRF group and ping across my tunnel sourcing it from the VRF group in the 1841.  The problem becomes being able to introduce one host ip into VRF and keep it in the global routing table (as connected). 

I don't want to apply the VFR to the interface on the LAN simply because I want to be able to put multiple host ip's in multiple VRF's anyone know if this is possible or how do I introduce a host ip without introducing the local interface into the VRF but also keep it in the global routing tables?

Let me provide some more info

On the 1841

ip vrf blue

rd 1:1

!

interface Tunnel2

description to 871

ip vrf forwarding blue

ip address 172.31.255.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication ECL-DR1

ip nhrp map multicast dynamic

ip nhrp network-id 992

ip nhrp holdtime 450

ip route-cache flow

ip tcp adjust-mss 1360

no ip mroute-cache

delay 1000

tunnel source x.y.z

tunnel mode gre multipoint

tunnel key 1000005

tunnel protection ipsec profile multi shared

!

ip route vrf blue 10.0.0.0 255.255.255.0 172.31.255.2 name CustomerVRF

!

Router1841#ping vrf blue 172.31.255.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.31.255.2, timeout is 2 seconds:

!!!!!

Router1841#ping vrf blue 10.0.0.31

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.31, timeout is 2 seconds:
!!!!!

Router1841#   sh ip vrf detail  blue

VRF blue; default RD 1:1; default VPNID <not set>

  Interfaces:

    Tu2

  Connected addresses are not in global routing table

  No Export VPN route-target communities

  No Import VPN route-target communities

  No import route-map

  No export route-map

  VRF label distribution protocol: not configured

Router1841#

So I am able to ping accross from my group to my remote, now how do I introduce the host LAN ip of the server 10.4.0.216?  I don't want to apply the forwarding instance to the local interface because I want to put multiple groups in this subnet unless I can put multiple VRFs on the same interface?  I guess I am asking how do I keep it in the global tables as well as at it to a VRF 

interface FastEthernet0/0.708

description

encapsulation dot1Q 708

ip address 10.4.0.222 255.255.255.240

ip nat inside

ip virtual-reassembly

ip policy route-map nonat

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card