cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
686
Views
0
Helpful
1
Replies

PBR VTI Backup Tunnel on ASA

hash2k2
Level 1
Level 1

Hi,

my current situation: I have to implement a clound proxy solution.

We have a Cicso ASA 5525.

All http and https traffic should be send into a vti tunnel to the cloud provider. (with backup tunnel)

The VTI tunnels are up and running.
I have added a PBR on the inside interface to route all traffic into the tunnel:

route-map netskope-pbr permit 10
  match ip address pbr-netskope
  set ip next-hop 11.11.11.15 13.13.13.15

 

How can I verify or configure, that if the remote ip 11.11.11.15 is not reachable, that the traffic is send to 13.13.13.15?

If I manually shutdown the primary vti tunnel the traffic is already send to 13.13.13.15. Is this already configured correctly? Or do I have to add other statements?

1 Reply 1

Hello,

 

the config looks by the book. You can verify with 'debug policy-route' and send a ping sourced from an IP address in the 'pbr-netskope'.

Review Cisco Networking for a $25 gift card