Hello,

First of all, excuse me for my English. I hope you could understand me.

Here is the issue.

I've got 3 ISP, The first ISP (ISP1) is used for SMTP (inbound & outbound) and webmail (https Inbound).

On the second ISP (ISP2) => Web (http, https, dns, msn, etc.) and Inbound VPN.

On the third ISP (ISP3), => Inbound FTP an dHTTP.

This configuration seems to works perfetly, but what i want to do is:

- Use the third ISP (ISP3) for inbound VPN.

OR

- if it's not possible, use the third ISP for Web outbound protocol (http, https, etc.)

I configure Policy Based Routing.

My first attempt for inbound VPN on the third ISP was not a success. In fact, traffic go through the first SA (client => router) but is not re-encapsulate (router => client) in the second SA. So, i think that the default route is the problem ??

When i use "sh ip access-list" command, i never see change on my access-list for ESP traffic, ESP seems to not match this ACL (access-list 106).

For the second solution, (Outbound web access through the third ISP), PBR seems to works but i've the feeling that router doesn't do any NAT on Interface (FA 0/1)? It's really strange and i'm stuck in this !!