
PBR VTI Backup Tunnel on ASA

hash2k2
Level 1

Hi,

My current situation: I have to implement a cloud proxy solution.

We have a Cisco ASA 5525.

All HTTP and HTTPS traffic should be sent into a VTI tunnel to the cloud provider (with a backup tunnel).

The VTI tunnels are up and running.
I have added a PBR on the inside interface to route all traffic into the tunnel:

route-map netskope-pbr permit 10
  match ip address pbr-netskope
  set ip next-hop 11.11.11.15 13.13.13.15

 

How can I verify or configure that, if the remote IP 11.11.11.15 is not reachable, the traffic is sent to 13.13.13.15?

If I manually shut down the primary VTI tunnel, the traffic is already sent to 13.13.13.15. Is this already configured correctly? Or do I have to add other statements?

1 Reply

Hello,

 

The config looks by the book. You can verify with 'debug policy-route' and send a ping sourced from an IP address in the 'pbr-netskope'.
