[Openswan dev] vrf aware ipsec

Anish Verma averma at netd.com
Mon Apr 18 17:16:53 CEST 2005


Hi,

I am trying to understand the VRF-aware IPsec implementation. The
problem here is that IP addresses in different VRFs (VPNs) can be
overlapping or exactly the same, so the client IP addresses can be the
same for the tunnels.

In this scenario, if we try to set up separate tunnels for each VPN
between the same peers, how does the client identification help here? As
the client IP address can be the same, we can't just use the IP address
to identify them.


----------                                               ----------
| vpn RED |                                             | vpn RED  |
| 10.1/16 |                                             |  10.2/16 |
-----------                                             -----------
       \                                                      /         
        \                                                    /
         -----------                            --------------
         |  PE 1   |                            |    PE 2    |
         |         |----------------------------|            |
         -----------                             ------------- 
        /                                              \
       /                                                \
-----------                                        --------------
| Vpn BLUE |                                       | VPN BLUE   |
| 10.1/16  |                                       |  10.2/16   |
-----------                                        --------------

In the above case we want to set up two tunnels between PE1 and PE2, one
each for VPN blue and VPN red. Here the client is exactly the same. Is
there any way by which we can do this?

Thanks
 Anish
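
The ambiguity described in this message, as an added illustration (not part of the original post and not Openswan code): a toy policy table in which the RED and BLUE tunnels between the same two PEs carry identical client subnets, so a lookup on addresses alone returns both and traffic could be placed in the wrong VPN. The `vrf` field, the function names and the PE addresses 192.0.2.1/192.0.2.2 are assumptions made for the example.

```python
# Added illustration: a toy policy table, not Openswan code.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tunnel:
    name: str
    local_peer: str                   # PE1 address (constructed sample value)
    remote_peer: str                  # PE2 address (constructed sample value)
    local_net: ipaddress.IPv4Network  # client subnet behind PE1
    remote_net: ipaddress.IPv4Network # client subnet behind PE2
    vrf: Optional[str] = None         # hypothetical per-VPN tag (assumption)

def make(name, vrf=None):
    # Both VPNs use the same client subnets, as in the diagram above.
    return Tunnel(name, "192.0.2.1", "192.0.2.2",
                  ipaddress.ip_network("10.1.0.0/16"),
                  ipaddress.ip_network("10.2.0.0/16"), vrf)

def conflicts(tunnels):
    """Pairs a lookup cannot tell apart: same peers, same VRF tag, overlapping client nets."""
    out = []
    for i, a in enumerate(tunnels):
        for b in tunnels[i + 1:]:
            same_key = ((a.local_peer, a.remote_peer, a.vrf)
                        == (b.local_peer, b.remote_peer, b.vrf))
            if (same_key and a.local_net.overlaps(b.local_net)
                    and a.remote_net.overlaps(b.remote_net)):
                out.append((a.name, b.name))
    return out

def match(tunnels, src, dst, vrf=None):
    """Names of every tunnel whose selectors cover a packet that arrived from `vrf`."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [t.name for t in tunnels
            if s in t.local_net and d in t.remote_net and t.vrf == vrf]

untagged = [make("red"), make("blue")]                      # addresses only
tagged = [make("red", vrf="RED"), make("blue", vrf="BLUE")] # addresses + VRF tag

if __name__ == "__main__":
    print(conflicts(untagged), match(untagged, "10.1.0.5", "10.2.0.9"))
    print(conflicts(tagged), match(tagged, "10.1.0.5", "10.2.0.9", vrf="BLUE"))
```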


