I have a Cisco DM-VPN spoke router that is setup with two internet connections, each in its own VRF (ISP1 and ISP2). The setup is almost identical to this: https://www.cisco.com/c/en/us/support/docs/security-vpn/dynamic-multi-point-vpn-dmvpn/119022-configure-dmvpn-00.html#anc11
The DM-VPN part works excellently, though I'm trying to figure out how I would get local internet access to work. I expect this would somehow involve getting the default routes from both VRFs (Which could also be dynamically obtained from DHCP or Dialer interfaces) to get into the global routing table. I found a few resources for "route leaking" but I haven't managed to get a default route from the VRF to show up in the global routing table. I just haven't been able to find examples of what I'm after, it seems like this is a very uncommon use of VRFs...
This would be a heavily simplified version of the config. I'd have a LAN interface in the global routing table, and two interfaces facing different ISPs in their own VRF.
ip vrf ISP1 rd 1:1 ip vrf ISP2 rd 2:2 int gi0 desc LAN ip add 192.168.0.1 255.255.255.0 int gi1 desc ISP1 ip vrf forwarding ISP1 ip add 192.168.1.1 255.255.255.0 int gi1 desc ISP2 ip vrf forwarding ISP2 ip add 192.168.2.1 255.255.255.0 ip route vrf ISP1 0.0.0.0 0.0.0.0 192.168.1.254 ip route vrf ISP2 0.0.0.0 0.0.0.0 192.168.2.254 
No comments:
Post a Comment