cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
280
Views
0
Helpful
1
Replies

split traffic between Metro Ethernet and DMVPN with IPSec

brettlarkins
Level 1
Level 1

Hi All,

I have some sites that have DMVPN built between them and traffic is encrypted with IPSec.

We now have voice traffic we want to send between the sites, but want to separate that traffic so it is passed unencrypted and so the carrier can honor the packet tagging.  How should I approach this?

In the past, with traditional IPSec tunnels, this would have been done with crypto maps, but with the DMVPN configuration, all the traffic is sent across the tunnel and there is no crypto map config to identify the interesting traffic.

Thanks.

1 Reply 1

brettlarkins
Level 1
Level 1

Did this using route-maps.

Matched traffic with EF and CS3 markings and set the next hop to the outside address of the next hop router so the route was no longer through the tunnel.  The catch was that I also had to deny this traffic same traffic from the tunnel interface in order for it to take effect and route the way I wanted.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: