Hi All,

I am having some difficulty understanding the concept of VRF Aware IPSec. My initial impression of the "Basic VRF Aware IPSec" entry on the extended blueprint was that it just meant making an IPSec tunnel work with a specific VRF instance, which seems straightforward enough.

Having read through some documents, I am now aware of different concepts such as front-door and inside VRF which are specific to this, and I am confused. None of the documents really told me why there is a need to use two VRFs for IPSec VPN, why one would do such a thing, and how it is even possible considering VRFs by design are meant to keep traffic separated. I read things about having to use MPLS and BGP to redistribute and all these things, and I start to wonder if this is really going to be something that will be covered on a CCIE *Security* exam.

So can someone help me out and point me towards a complete document that doesn't just talk about VRF IPSec being "magic", or even be so kind as to give me a high-level overview of why there is a need for two VRFs and how it works?

Sure, if someone thinks that this, what seems a somewhat more advanced form of VRF Aware IPSec, is not what is meant when the blueprint says "Basic VRF Aware IPSec", please let me know that also. I am kind of hopeful that it really just means making sure one uses a key-ring as opposed to individual passphrases in ISAKMP and remembering to add the VRF keyword to the end of normal IPSec commands.

Thanks,
Ben
