This section shows how to configure a single logical interface to handle VPN and Internet traffic traveling both to and from the Internet and the CE router. This interface can handle both VPN and Internet traffic as long as there are no private addresses in the VPN. The VPN routes received from the CE router are added to the main routing table inet.0 by means of routing table groups. This allows the PE router to attract the return traffic from the Internet (see Figure 38).
Figure 38: Interface Configured to Carry Both Internet and VPN Traffic
In this example, the CE router does not need to perform NAT, because all the VPN routes are public. The CE router has a single interface to the PE router, to which it advertises VPN routes. The PE router has a default route in the VRF table pointing to the main routing table inet.0. The PE router also imports VPN routes received from the CE router into inet.0 by means of routing table groups.
The following configuration for Router PE1 uses the same topology as in Routing VPN and Internet Traffic Through Different Interfaces. This configuration uses a single logical interface (instead of two) between Router PE1 and Router CE1.
The following sections show how to route VPN and Internet traffic through the same interface bidirectionally (VPN has public addresses):
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |