Objective
The PBR traffic from Web EPG (from User tenant-ABC) should go via Service BD (Internal) and via Service BD (External) and reach the Shared L3out in the Common Tenant for Internet access.
Refer to the attachment for the topology.
Configuration
- ASAv is the FW used in this topology and is mapped to Tenant-ABC
E1 interface is Internal
E2 interface is External
Note: E1 and E2 interfaces are mapped to Service BD along with the MAC address of ASAv
- L4L7 device is configured in unmanaged mode under Tenant-ABC
- Service BD (Inside BD and outside BD) configured in Tenant ABC
- One L3out is created in common tenant for external services access like Internet etc
- Service Graph is created in Tenant-ABC
- When we deploy Service Graph with Two-arm, selecting inside as consumer and outside as provider (Flow-2
Result:
After deploying the service graph, we are unable to ping the FW external interface from ACI.
Would like to understand inter-tenant VRF leaking using PBR configuration (Two-arm).