cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1197
Views
0
Helpful
3
Replies

Policy Based Routing for IPSec VPN

tyler.perkey
Level 1
Level 1

Hi all,

I wanted to know if it was possible to used a PBR on an ASA for IPSec VPN tunnels.  I have a client that just upgrade to an MPLS circuit, but they have several location still on standard internet pipes.  I have a backup circuit at the main location that I would like to PBR all there VPN too.

3 Replies 3

Dennis Mink
VIP Alumni
VIP Alumni

Can you add a diagram of what you are trying to achieve?

 

also, the MPLS circuit and 'internet pipes' as you call them, do the terminate on the same device?

 

I would think that routing. could decide to either go accross mpls or internet VPN.  

Please remember to rate useful posts, by clicking on the stars below.

Correct, the MPLS circuit and the "internet pipe" terminate on g0/0 and g0/2, respectively, on the ASA.

What I'm trying to achieve is 4 VPNs to remote site terminating on the internet circuit until we get those site on the MPLS cloud.

What version of ASA are you running?

If you are using VTI VPNs on ASA (assuming you have a supported version),
then you can use dynamic routing to send the traffic to the VPN sites over
VPN tunnels.

If you are using crypto-maps and want to use PBRs on inside interface, ASA
support PBR starting from 9.4(1)
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: