Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
3
Replies

PBR in a VRF

Go to solution
lcaruso
Level 6
Level 6

‎03-16-2013 03:23 PM - edited ‎03-04-2019 07:19 PM

Hi,

Need to solve a routing problem. Maybe PBR?

I have a 3925 CE that peers via BGP with a Managed Internet Service (MIS) PE.

The CE also peers via BGP with a managed vpn provider PE (same company).

Further, the same public wan port on this 3925 also terminates a vpn tunnel to a remote office site.

The problem stems from using a default/global routing table and an MIS vrf. The MIS vrf default route is to the MIS CE. The problem comes when traffic from the remote office arrives on the 3925 across the tunnel destined for the Internet. We want to force all traffic from the remote office to the internal firewall connected to the 3925, but the default vrf route sends it right out the Internet.

The MIS vrf default route to the MIS peer is necesary. It needs to stay.

What's a good solution for this scenario?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
blau grana
Level 7
Level 7

‎03-17-2013 12:52 AM

Hello lcaruso,

VRF would be the best option.

Here is link where similar problem was solved.

https://supportforums.cisco.com/message/3860865

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

View solution in original post

0 Helpful
3 Replies 3

Go to solution
blau grana
Level 7
Level 7

‎03-17-2013 12:52 AM

Hello lcaruso,

VRF would be the best option.

Here is link where similar problem was solved.

https://supportforums.cisco.com/message/3860865

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to blau grana

‎03-17-2013 03:53 AM

Thanks for your reply. I agree very similiar setup.

We had a deadline and couldn't wait and so we had to pull the tunnels off of the router and put them on the ASA.

I'll keep this link for later reference.

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to blau grana

‎03-21-2013 08:28 AM

Here's a link with a title that matches my problem title (provided by a very helpful TAC engineer, THANKS DAVID B!)

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html

David's comments:

...in regards to your post, it is correct, it seems static VRF routes is your option if you need to reroute traffic to a different next hop. Now, if you need to do this only for specific subnets (based on the IP source), meaning, some subnets need to be redirected to ASA and some others needed to follow the default route, then you would need to configure PBR with set vrf ip next-hop command.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card