Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1722
Views
0
Helpful
4
Replies

Cisco ASA policy based routing on IPSec VPN

yong khang NG
Level 5
Level 5

‎07-31-2018 07:51 AM - edited ‎02-21-2020 08:02 AM

Hi all,


Is Cisco ASA PBR support the traffic route thru IPsec S2S VPN tunnel interface?


I am planning traffic that include in the interesting traffic all route via one physical interface (as this interface use for IPSec VPN), the rest route via another physical interface


Is it possible?


Thanks


Noel

Labels:
0 Helpful
4 Replies 4

Francesco Molino
VIP Alumni
VIP Alumni

‎07-31-2018 08:33 PM

Hi

I'm sorry but i don't understand your question. I know you're want to do PBR but nothing more.
Can you please elaborate more?

If i answer based on your post title, yes you can do PBR to send traffic to vpn but i believe this want the question.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎08-01-2018 03:58 AM

IPSEC VPNs are used based on interesting traffic, defining source and destination IP addresses, so in essence the are already using PBR.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Florin Barhala
Level 6
Level 6
In response to Dennis Mink

‎08-01-2018 05:12 AM

He mentioned his question is about IPSEC VTIs or IPSEC interface mode.
Now I just looked over 9.9 documentation for PBR Guidelines and there's no mention about VTIs so I would assume it should work.
0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to Florin Barhala

‎08-01-2018 02:57 PM

Yes and that's why I asked to clarify a bit because if it's Policy based VPN I don't see the need as @Dennis explained. And if it's route based VPN, then yes it works.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card