I cannot find a way to create a PBR (Policy-based routing) and apply it inbound to the cEdge.
I looked at the documentation for creating an ePBR, but that is not working (at least for me) when I try to apply the policy on the tunnel interfaces.
Here is my scenario: cEdge with MPLS and Biz-Internet, 2 LAN interfaces (VPN10); one LAN interface runs OSPF with the core and the other LAN interface is just a point-to-point that passes through an IPS.
My need is that I have to route inbound traffic landing from the SDWAN tunnels from specific source and specific destination to my second LAN towards the core.
In IOS it is pretty straightforward. Create an ACL with the interested IPs, create a new route-map where the ACL is matched and set the next-hop, then apply the route-map to the inbound interface. Policy can be applied in GRE and GRE with IPsec tunnels.
In SD-WAN I cannot make it work. ePBR can be applied on Service VPN interfaces in the outbound direction, but that is not working in my inbound direction, where the policy would have to be added on the tunnel interfaces.
ip access-list extended ACL-PBR
 100 permit ip host 10.199.2.89 any
!
!
class-map match-any CM-PBR
 match access-group name ACL-PBR
!
policy-map type epbr PM-PBR
 class test300
  set ipv4 vrf 10 next-hop 10.199.2.89
!
interface Tunnel10000000
 service-policy type epbr input PM-PBR
interface Tunnel10000012
 service-policy type epbr input PM-PBR