Hello,
On Thu, 3 Feb 2011, Ge Moua wrote:
If there were ISR on both end then I'd just do vrf-aware IPSec and plumb L2TPv3 inside of this to transport the vlan; of course this doesn't answer the original question of doing this with ASA
I believe that you can use ASA for the IPsec part and create GRE tunnels between the PE and CE (one for each VRF). You would need though something like ISR on both ends or switches that support GRE in hardware, so 3560/3750 should change.
I agree with you, it's just another option. GRE would give the ability to use eg 65xx as PE and also use eg "ip tcp adjust-mss" on the Tunnel interface, I don't know how this is handled with L2TPv3.
Of course I've assumed that the CE routes the VLANs on each VRF at the remote site...
Regards, John _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
