On 2/15/2012 3:09 AM, ar wrote: > I would like to setup a remote access IPSEC/SSL VPN then maps to MPLS > VPN/VRFs. > I'm thinking of using 7206VXR as the concentrator/PE for this. > Remote clients will use cisco/microsoft vpn clients. > Site-to-site vpn will be supported too.
I'm sure there are numerous 7206 options... At the Catalyst level (6500/7600) we have used ASAs to terminate different VPN profiles, and point the default inside gateway to a 6500 SVI interface configured for "VRF Selection using Policy-Based Routing". The SVI is configured as "ip vrf receive <vrfname>" for each VRF you have a VPN profile. You then use policy-based routing to "match" the traffic by profile, and "set VRF / set global" accordingly. The ASA essentially has no clue about the VRFs, the 6500 does the split. For site-to-site, you need a similar "split" on the other end, if you are running more than one VRF over the link. Jeff _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/