Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
1
Replies

Site to site VPN traffic PBR

nmdc.kzstan
Level 1
Level 1

‎01-22-2014 02:12 AM - edited ‎03-04-2019 10:08 PM

Hi,

Is it possible to apply policy based routing for site to site VPN traffic?

crypto map vpn.center 1 ipsec-isakmp

set peer a.b.c.d

set transform-set TSET_Vyatta

set pfs group2

match address 101

In this config all traffic in remote office is sent to ISR over VPN and NAT translated with

ISR's public IP address to Internet. I would like to send this traffic to Microsoft ISA server.

In DMVPN config traffic can be redirected with ip route maps applied to Tunnel interface.

I don't know how to achieve the same with site to site VPN.

TIA

Labels:
0 Helpful
1 Reply 1

Amit Singh
Cisco Employee
Cisco Employee

‎01-22-2014 04:25 AM 

PBR is done before plain routing, and IPSec follows routing, so, PBR on the
ingress and IPsec encryption on the egress should work. Just match the interesting traffic
put the it on the route-map and add it to the inside/LAN interface.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card