Hello there,

I have one interesting problem with local PBR on 2921 router. Here is the case,

On HQ site there is 2921 router with two directly connected ISP, and there is Branch which is connected to only one ISP.

The configuration should be to connect HQ router to Branch router with two VTI tunnels, so that each tunnel on HQ site should be

terminated on different ISP, and EIGRP will be monitoring each VTI status.The problem is on HQ site, there is only one way to specify router

with LOCAL PBR configuration, so router should send on ISP1 terminated tunnel traffic to ISP1, and on ISP2 interface terminated tunnel traffic to ISP2.

As I know this configuratino should work, but I could't make it work on c2900-universalk9-mz.SPA.151-4.M4.bin IOS, and on

c2900-universalk9-mz.SPA.152-2.T1.bin.

Here is simple config:

ISP1 ip is 1.1.1.1

ISP2 ip is 2.2.2.2

3.3.3.3 is Branch ip address.

!

ip vrf BRANCH

rd 9:9

!

interface Tunnel1

description TO.BRANCH.ISP1

ip vrf forwarding BRANCH

ip address 192.168.0.1 255.255.255.252

tunnel source 1.1.1.1

tunnel mode ipsec ipv4

tunnel destination 3.3.3.3

tunnel protection ipsec profile Encrypt

!

!

interface Tunnel2

description TO.BRANCH.ISP2

ip vrf forwarding BRANCH

ip address 192.168.0.5 255.255.255.252

tunnel source 2.2.2.2

tunnel mode ipsec ipv4

tunnel destination 3.3.3.3

tunnel protection ipsec profile Encrypt

access-list 1 permit host 1.1.1.1

access-list 2 permit host 2.2.2.2

!

route-map PBR permit 10

match ip address 1

  set ip next-hop 1.1.1.3(ISP1 next host)

!

route-map PBR permit 20

match ip address 2

set ip next-hop 2.2.2.3(ISP2 next host)

!

ip local policy route-map PBR

when I configure one default static route, it starts workig, but both tunnels go with specified ISP, and also there is no vrf problem,

when there is no any vrf config it also don't work. gre tunnels also dont work.

Do you have any idea how make this think work ?