Cisco Cisco IOS Software Release 12.2(27)SBC

Because VRF instances use Cisco Express Forwarding (CEF), you must configure CEF before 
configuring the VRF-Aware VPDN Tunnels feature.

CEF is on by default on the Cisco 10000 series router and it cannot be turned off. If you attempt to enable 
CEF, an error message appears.

The VRF-Aware VPDN Tunnels feature can only be used with Layer 2 Tunnel Protocol (L2TP).

The VRF-Aware VPDN Tunnels feature can only be used with Layer 2 Tunnel Protocol (L2TP) on 
the L2TP access concentrator (LAC). The reason is that the Cisco 10000 series router can only 
initiate tunnels in a VRF instance; it cannot terminate tunnels that arrive in a VRF instance. 
Therefore, this feature does not apply to the Cisco 10000 series router when the router is acting as 
the L2TP network server (LNS) because, as the LNS, the Cisco 10000 series router cannot terminate 
tunnels that arrive in a VRF instance. 

For multihop configuration in Cisco IOS Release 12.3(7)XI7 and later releases, the ingress tunnel 
also needs to arrive in the global routing table, but the tunnel can be switched out into a VRF 
instance towards the final LNS destination.

To configure the VRF-Aware VPDN Tunnels feature, you need to understand the following concepts: 

The Cisco 10000 series router supports the VRF-Aware VPDN Tunnels with the Layer 2 Tunnel Protocol 
(L2TP) on the L2TP access concentrator (LAC). As the LAC, the router supports the termination of 
tunnels in a virtual private network (VPN) routing and forwarding (VRF) instance. The Cisco 10000 
series router supports the VRF-Aware VPDN Tunnels feature on the PRE2 and PRE3.