Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Site to site VPN traffic PBR

Hi,

Is it possible to apply policy based routing for site to site VPN traffic?

crypto map vpn.center 1 ipsec-isakmp

set peer a.b.c.d

set transform-set TSET_Vyatta

set pfs group2

match address 101

In this config all traffic in remote office is sent to ISR over VPN and NAT translated with

ISR's public IP address to Internet. I would like to send this traffic to Microsoft ISA server.

In DMVPN config traffic can be redirected with ip route maps applied to Tunnel interface.

I don't know how to achieve the same with site to site VPN.

TIA

1 REPLY
Cisco Employee

Site to site VPN traffic PBR

PBR is done before plain routing, and IPSec follows routing, so, PBR on the
ingress and IPsec encryption on the egress should work. Just match the interesting traffic
put the it on the route-map and add it to the inside/LAN interface.
121
Views
0
Helpful
1
Replies
CreatePlease to create content