VRF-Lite Two Customers Same Subnet

Hello,

We want to deploy an NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.

I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer).

What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.

Any thoughts?

-Bryan


Accepted Solutions

VRF-Lite Two Customers Same Subnet

Hi Bryan,

I have faced the same problem in the past.

We overcame this issue by assigning to the customer different loopback management IPs for each CE. You have only to check that these IPs do not conflict with existing management IPs of other customers and are reachable by the NMS.

If the customer cannot configure a new management loopback IP, you have to use static NAT entries to the management IP to an interface of your router.

Static NAT is required in order to use a subnet that does not conflict with existing IPs and to have a dedicated IP per managed CE.

Hope that helps,

Vasilis
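
An added example, not part of the original thread: a planning check for the static NAT approach in the answer above. It keys each CE by (VRF, address), flags addresses that repeat across VRFs, and gives every CE a dedicated address from an NMS-facing pool while skipping management IPs already in use. The VRF names, the pool 192.168.100.0/28 and all function names are assumptions.

```python
"""Plan one unique management address per CE when customer VRFs overlap."""
import ipaddress
from collections import defaultdict

# Constructed sample inventory: (vrf, CE address as seen inside that VRF).
DEVICES = [
    ("CUST1", "10.1.1.1"),
    ("CUST2", "10.1.1.1"),  # same address as CUST1, different VRF
    ("CUST2", "10.1.1.2"),
]
# Hypothetical NMS-facing pool (assumption, not from the thread).
MGMT_POOL = "192.168.100.0/28"

def overlapping(devices):
    """Return addresses that appear in more than one VRF."""
    seen = defaultdict(set)
    for vrf, ip in devices:
        seen[ipaddress.ip_address(ip)].add(vrf)
    return {str(ip): sorted(v) for ip, v in seen.items() if len(v) > 1}

def plan_static_nat(devices, pool, in_use=()):
    """Map each (vrf, real address) to a dedicated, unused pool address."""
    taken = {ipaddress.ip_address(a) for a in in_use}
    free = (h for h in ipaddress.ip_network(pool).hosts() if h not in taken)
    plan = {}
    for key in devices:
        if key in plan:
            raise ValueError(f"duplicate device inside one VRF: {key}")
        try:
            plan[key] = str(next(free))
        except StopIteration:
            raise ValueError(f"pool {pool} exhausted at {key}") from None
    return plan

def check_plan(plan):
    """List management addresses that more than one CE would share."""
    owners = defaultdict(list)
    for key, mgmt in plan.items():
        owners[mgmt].append(key)
    return {m: k for m, k in owners.items() if len(k) > 1}

if __name__ == "__main__":
    print("overlaps:", overlapping(DEVICES))
    for (vrf, real), mgmt in plan_static_nat(DEVICES, MGMT_POOL).items():
        print(f"{vrf:6} {real:12} -> {mgmt}")
```

Each resulting pair is one static NAT entry to configure for that customer's VRF, and the NMS polls the pool address instead of the overlapping customer address.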

3 REPLIES

VRF-Lite Two Customers Same Subnet

Hi Bryan,

You will need some unique IP addresses in order to work. You can configure some loopbacks on the client equipment, and export into the management vrf only those IPs.

I do believe that this is the best solution.

Another one will be NAT.

Regards

Dan

VRF-Lite Two Customers Same Subnet

Hello,

Thanks for the replies. I believe static NAT will be the only way to configure this.

Cheers,

Bryan
