386 Views, 10 Helpful, 1 Reply

L2TP VPN - no access to internal VLANs after policy-based routing added

davidfield
Level 3

Hello All,

I'm hoping you can assist with some guidance on what I could be doing wrong. I have a site where we had an L2TP VPN operating and all worked OK. The client asked us to connect a second Internet connection up for dedicated streaming traffic. I set up PBR, and now the L2TP VPN cannot connect to the devices on the inside. I can, however, ping the interfaces on the router.

I'm missing something fundamental about how PBR has affected this setup. Any ideas appreciated.

Config excerpts

PBR
! Inside VLANs. "ip policy route-map" is applied to each one, so packets
! ENTERING that VLAN interface are matched against the route-map before
! the routing table is consulted.
interface Vlan1
 ip address 192.168.100.254 255.255.255.0
 ip pim sparse-dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map Route_to_G
!
! Vlan100 has no IP address, so the policy statement here never sees any IP traffic.
interface Vlan100
 no ip address
 ip policy route-map Route_to_G
!
interface Vlan101
 ip address 192.168.101.254 255.255.255.0
 ip pim sparse-dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map Route_to_BT
!
interface Vlan102
 ip address 192.168.102.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map Route_to_BT
!
interface Vlan103
 ip address 192.168.103.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map Route_to_BT
!

Outside interfaces
! Two WAN paths: GigabitEthernet8 (192.168.2.0/24, the "BT" side) and
! Vlan254 (192.168.1.0/24, the "G" side). Both carry the same crypto map.
interface GigabitEthernet8
 ip address 192.168.2.253 255.255.255.0
 ip nat outside
 ip inspect CCP_LOW out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 crypto map outside_map
!
interface Vlan254
 ip address 192.168.1.253 255.255.255.0
 ip nat outside
 ip inspect CCP_LOW out
 ip virtual-reassembly in
 crypto map outside_map
!
! Route-maps referenced by the inside VLANs. A packet that matches the ACL is
! forwarded to the listed next-hop regardless of what the routing table says.
route-map Route_to_G permit 10
 match ip address 110
 set ip next-hop 192.168.1.254
!
route-map Route_to_BT permit 10
 match ip address 120
 set ip next-hop 192.168.2.254
!

! The same two ACLs serve as both the NAT inside-source lists and the PBR match lists.
ip nat inside source list 110 interface Vlan254 overload
ip nat inside source list 120 interface GigabitEthernet8 overload
!
access-list 1 permit any
! 110: traffic from Vlan1. Only the three other inside VLANs are excluded;
! anything else sourced from 192.168.100.0/24, including packets addressed to
! the L2TP pool 192.168.105.0/24, matches the final permit line.
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.102.0 0.0.0.255
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.103.0 0.0.0.255
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
! 120: traffic from Vlan101-103. Only 192.168.100.0/24 is excluded as a
! destination; the L2TP pool 192.168.105.0/24 appears only as a permitted
! source (needed for NAT of VPN clients), never as a denied destination.
access-list 120 deny ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 120 deny ip 192.168.102.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 120 deny ip 192.168.103.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 120 permit ip 192.168.101.0 0.0.0.255 any
access-list 120 permit ip 192.168.102.0 0.0.0.255 any
access-list 120 permit ip 192.168.103.0 0.0.0.255 any
access-list 120 permit ip 192.168.105.0 0.0.0.255 any

 

L2TP config
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
! VPN clients are addressed from 192.168.105.10-20. Virtual-Template1 borrows
! the loopback address and carries no "ip policy" statement of its own.
interface Loopback1
 description loopback for IPsec-pool
 ip address 192.168.105.1 255.255.255.255
 ip nat inside
 ip virtual-reassembly in
!
interface Virtual-Template1
 ip unnumbered Loopback1
 peer default ip address pool l2tp-pool
 ppp authentication ms-chap-v2 VPDN_AUTH
 ppp ipcp dns 8.8.8.8
!
ip local pool l2tp-pool 192.168.105.10 192.168.105.20

Thanks 

Dave

1 Reply

davidfield
Level 3

OK, so for those that hit the same issue: it is due to PBR bypassing the route table.

I was able to set up PBR for the traffic on the interface I needed to direct to a specific WAN port. The remaining traffic goes out the default WAN interface, and therefore I could remove the PBR route-map from those interfaces. L2TP access kicked in again, so all looks OK.
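Added example, not from the original post or from Cisco: if the route-maps have to stay on all four VLAN interfaces (because each VLAN really does need its own WAN link), the alternative to removing them is to stop the policy from catching traffic whose destination is another inside network or the L2TP client pool. The ACL names PBR_VLAN1_TO_G and PBR_VLANS_TO_BT are my own; the interface names, addresses and route-map names are taken from the posted config, and the NAT lists 110/120 are left untouched by giving PBR its own match lists.

```cisco
! Added example (not the original poster's config). Separate PBR match-lists so
! that NAT lists 110/120 stay as they are, and so that the L2TP pool
! 192.168.105.0/24 is explicitly excluded from policy routing.
! ACL names PBR_VLAN1_TO_G and PBR_VLANS_TO_BT are assumptions (my own names).
!
ip access-list extended PBR_VLAN1_TO_G
 remark Vlan1 -> "G" WAN, but never for inside VLANs or the L2TP client pool
 deny   ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
 deny   ip 192.168.100.0 0.0.0.255 192.168.102.0 0.0.0.255
 deny   ip 192.168.100.0 0.0.0.255 192.168.103.0 0.0.0.255
 deny   ip 192.168.100.0 0.0.0.255 192.168.105.0 0.0.0.255
 permit ip 192.168.100.0 0.0.0.255 any
!
ip access-list extended PBR_VLANS_TO_BT
 remark Vlan101-103 -> "BT" WAN, but never for Vlan1 or the L2TP client pool
 deny   ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.102.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.103.0 0.0.0.255 192.168.100.0 0.0.0.255
 deny   ip 192.168.101.0 0.0.0.255 192.168.105.0 0.0.0.255
 deny   ip 192.168.102.0 0.0.0.255 192.168.105.0 0.0.0.255
 deny   ip 192.168.103.0 0.0.0.255 192.168.105.0 0.0.0.255
 permit ip 192.168.101.0 0.0.0.255 any
 permit ip 192.168.102.0 0.0.0.255 any
 permit ip 192.168.103.0 0.0.0.255 any
!
! "match ip address" is cumulative and "set ip next-hop" beats
! "set ip default next-hop", so remove the old statements explicitly.
! With "default next-hop" the routing table is consulted first and the policy
! next-hop is used only for destinations that have no explicit route (i.e.
! that would otherwise follow the default route). Connected VLANs and the host
! routes the L2TP PPP sessions install on their Virtual-Access interfaces
! therefore win even if one of the deny lines above is ever forgotten.
route-map Route_to_G permit 10
 no match ip address 110
 no set ip next-hop 192.168.1.254
 match ip address PBR_VLAN1_TO_G
 set ip default next-hop 192.168.1.254
!
route-map Route_to_BT permit 10
 no match ip address 120
 no set ip next-hop 192.168.2.254
 match ip address PBR_VLANS_TO_BT
 set ip default next-hop 192.168.2.254
!
! The interface bindings themselves are unchanged from the post.
interface Vlan1
 ip policy route-map Route_to_G
!
interface Vlan101
 ip policy route-map Route_to_BT
!
interface Vlan102
 ip policy route-map Route_to_BT
!
interface Vlan103
 ip policy route-map Route_to_BT
```

To check it, connect an L2TP client, ping a host in 192.168.101.0/24 from it, and watch the counters in `show route-map Route_to_BT`: the reply packets from Vlan101 must not increment the policy-routed count. `show ip policy` confirms which interfaces still carry a route-map, and `debug ip policy` on a quiet router shows each packet's match/no-match decision.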
