This method will route traffic out the source VRF to the global table and back in the destination VRF.
ip extcommunity-list standard V5 permit rt 1:5 ip extcommunity-list standard V7 permit rt 1:7 !
ip prefix-list IMPORT-5 seq 5 permit 184.108.40.206/24 ip prefix-list IMPORT-5 seq 15 permit 1.0/24 ip prefix-list IMPORT-7 seq 5 permit 220.127.116.11/24 ip prefix-list IMPORT-7 seq 15 permit 1.0/24 !
A RT or route-target on the other hand is a BGP extended community which gets attached when a prefix is exported from the VRF RIB table into the VRF-aware BGP table to identify VPN membership.
The confusing part is that the RT import/export function in Cisco IOS is defined under the VRF configuration section and not under the BGP section. This means without BGP enabled on Router1, the RT import/export would yield no result.
For this two routes are needed in the global RIB for the next-hop IPs of VPN5 and VPN7: interface Fast Ethernet0/0 ip vrf forwarding VPN5 ip address 1.1 255.255.255.0 !
interface Fast Ethernet0/1 ip vrf forwarding VPN7 ip address 1.1 255.255.255.0 !
So to test 18.104.22.168/24 should be allowed to ping 22.214.171.124/24 but no other 55.5 range.
This is done by using the command “ip route vrf NAME x.x.x.x s.s.s.s global”.
Here is the config to complete the first option: ip vrf VPN5 rd 100:5 import map V5-MAP route-target export 1:5 route-target import 1:5 route-target import 1:7 !