PBR for incoming traffic from S2S VPN

baselzind
Level 6

I have branches that connect to me through an ASA and then into my core through a static route. I need to apply PBR so that they are directed to a proxy. If I apply a route map on the interface on my core connected to the ASA inside, can I divert only my S2S traffic? I'm very worried because I have a big network and any mistake might bring the whole thing down. So let us say my S2S subnet is 192.168.1.0/24: can I do the following so that only this subnet is diverted and not any other traffic?

ip access-list extended Branch-Users
 permit ip 192.168.1.0 0.0.0.255 any
 deny ip any any
!
route-map test permit 1
 match ip address Branch-Users
 set ip next-hop "proxy ip"

Then I add this route map under the interface that connects to the ASA inside.

3 Replies

Hi

It seems correct to me. One piece of advice: using a simulator like GNS3, which is very simple to use, try to test before implementing, considering you are not comfortable with that.

Since your traffic is going through the ASA, you can also take a look at the WCCP protocol. It might allow you a better implementation of the same task.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_wccp.html#wp1135991 
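An offline sanity check of the ACL and route-map from the question, as an added example that is not part of the original thread and is not Cisco code. It models only source-address wildcard matching and the rule that packets no route-map clause matches are forwarded by the normal routing table; `PROXY_IP` stands in for the post's "proxy ip" placeholder, and the sample addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    mask = ~w & 0xFFFFFFFF
    return (a & mask) == (b & mask)

# ACL Branch-Users from the post: (action, source, source wildcard); destination is "any".
BRANCH_USERS = [
    ("permit", "192.168.1.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),  # deny ip any any
]

def acl_permits(acl, src):
    """First matching entry wins; no matching entry is an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

# route-map test permit 1 / match ip address Branch-Users / set ip next-hop <proxy>
ROUTE_MAP = [{"action": "permit", "acl": BRANCH_USERS, "next_hop": "PROXY_IP"}]

def pbr_decision(route_map, src):
    """Return the policy next hop, or 'routing-table' when PBR does not apply."""
    for clause in route_map:
        if acl_permits(clause["acl"], src):
            # A matched deny clause sends the packet back to normal forwarding.
            return clause["next_hop"] if clause["action"] == "permit" else "routing-table"
    return "routing-table"  # no clause matched: normal routing

def classify(sources, route_map=ROUTE_MAP):
    """Map each source address to its forwarding decision."""
    return {src: pbr_decision(route_map, src) for src in sources}

# Constructed sample sources: two branch hosts, a neighbouring subnet, a core host.
SAMPLES = ["192.168.1.10", "192.168.1.255", "192.168.2.10", "10.0.0.5"]

if __name__ == "__main__":
    for src, decision in classify(SAMPLES).items():
        print(f"{src:15} -> {decision}")
```

Removing the explicit `deny ip any any` entry gives the same result in this model, because the implicit deny at the end of the ACL already excludes every other source.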

Just to be clear:
ASA-Core-Subnet "A"
The ASA has S2S from Subnet "A" to the branch?

https://www.petenetlive.com/KB/Article/0000982

Check this link; maybe it will help you solve your issue.