Remote access VPN, NAT and PBR

Unanswered Question
Jul 8th, 2010
User Badges:


On the router there is PBR configured because of multihoming.  Now when remote users connect via VPN they connect fine but are not able to access any resources due to the fact that the traffic is PBR to one ISP but not to the other (internet only traffic).  This PBR needs to remain in place.  Is there a way to exclude VPN users from the PBR?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Thu, 07/08/2010 - 06:28
User Badges:
  • Green, 3000 points or more


The VPN users should have their own pool of IP addresses assigned when they connect via VPN.

In this way using ACLs, you can exclude the VPN subnet from PBR.


kpintens Thu, 07/08/2010 - 06:33
User Badges:

They are in their own pool and tried denying that in the ACL for PBR but still no joy

Federico Coto F... Thu, 07/08/2010 - 06:40
User Badges:
  • Green, 3000 points or more

So what happens to the VPN clients when they connect?

They are routed out to some ISP instead of been able to access the inside network?

What does the PBR looks like?


kpintens Thu, 07/08/2010 - 06:49
User Badges:

users connect fine, when coming from both ISP's but when a remote user connects it can come from anywhere, access to the resources works if coming from ISP 1 but not from the other one (and this should be ISP x because this should be any ISP worldwide)

PBR is set to route traffic from certain servers via ISP 1, ISP 2 is  used for internet access

zeuscyril Sun, 03/11/2012 - 00:17
User Badges:

hi federico,

is this scanrio is possible or not ?

if it is possible guide me.atleast tell me the status (possible or not possible).because i am trying mor than a week for this type of solution.



jeffrey-hughes Wed, 01/19/2011 - 14:01
User Badges:

Does anyone have a solution for this?  I am running into a similiar  situation.  I have a 2911 with 2 ISPs.  ISP1 is for internet traffic  only, ISP2 is for remote locations connected via Tunnels.  When I  connect via Remote VPN, I connect, but can not access ANY resource.

Remote VPN has unique network, is excluded from PBR ACLs

Remote VPN is setup on ISP2 - Same as the VPN Tunnels.

Any help would be appreciated.

zeuscyril Tue, 03/06/2012 - 06:35
User Badges:

hi all,

i am facing same issue anybody got solution for this

or it is not possible at all.




This Discussion