Policy Based Routing for IPSec VPN
08-28-2018 09:15 AM - edited 02-21-2020 08:09 AM
Hi all,
I wanted to know if it was possible to use PBR on an ASA for IPSec VPN tunnels. I have a client that just upgraded to an MPLS circuit, but they have several locations still on standard internet pipes. I have a backup circuit at the main location that I would like to PBR all their VPNs to.
08-29-2018 12:00 AM
Can you add a diagram of what you are trying to achieve?
Also, the MPLS circuit and 'internet pipes' as you call them, do they terminate on the same device?
I would think that routing could decide to either go across MPLS or internet VPN.
08-29-2018 06:36 AM
Correct, the MPLS circuit and the "internet pipe" terminate on g0/0 and g0/2, respectively, on the ASA.
What I'm trying to achieve is 4 VPNs to remote sites terminating on the internet circuit until we get those sites on the MPLS cloud.
08-29-2018 08:33 AM
If you are using VTI VPNs on ASA (assuming you have a supported version), then you can use dynamic routing to send the traffic to the VPN sites over VPN tunnels.
If you are using crypto-maps and want to use PBRs on the inside interface, ASA supports PBR starting from 9.4(1).
