SD-WAN PBR on Tunnels Interfaces


Hi there,

I cannot find a way to create a PBR (Policy-based routing) and apply it inbound to the cEdge.

I looked at the documentation for creating an ePBR, but that is not working (at least for me) when I try to apply the policy on the tunnel interfaces.

Here is my scenario: cEdge with MPLS and Biz-Internet, 2 LAN interfaces (VPN10); one LAN interface runs OSPF with the core and the other LAN interface is just a point-to-point link that passes through an IPS.

My need is that I have to route inbound traffic landing from the SD-WAN tunnels from a specific source and specific destination to my second LAN towards the core.

In IOS it is pretty straightforward: create an ACL with the interested IPs, create a new route-map where the ACL is matched and set the next-hop, then apply the route-map to the inbound interface. The policy can be applied on GRE and GRE with IPsec tunnels.

In SD-WAN I cannot make it work. ePBR can be applied on Service VPN interfaces in the outbound direction, but that is not working in my inbound direction, where the policy would have to be added on the tunnel interfaces.

Here is what I think the configuration should be:

ip access-list extended ACL-PBR
 100 permit ip host any
class-map match-any CM-PBR
 match access-group name ACL-PBR
policy-map type epbr PM-PBR
 class test300
  set ipv4 vrf 10 next-hop
interface Tunnel10000000
 service-policy type epbr input PM-PBR
interface Tunnel10000012
 service-policy type epbr input PM-PBR




1 Reply

Cisco Employee

Have you tried creating a Centralized Data Policy matching source and destination, choosing a Next Hop pointing towards the core in the Action tab, and applying the data policy from the tunnel?
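
For reference, the approach suggested in the reply could look like the following in vSmart policy CLI form. This is an added example, not configuration posted by anyone in the thread. VPN 10 comes from the original post; the list and policy names, the site ID, and all addresses (documentation ranges) are constructed placeholders.

```text
! Added example: centralized data policy with a next-hop action,
! applied to traffic arriving from the overlay tunnels.
! Lines starting with "!" are annotations or block separators.
policy
 lists
  site-list SITE-DC
   ! placeholder site ID of the cEdge that should redirect the traffic
   site-id 100
  !
  vpn-list VPN-10
   vpn 10
  !
  data-prefix-list PBR-SRC
   ! placeholder for the specific source
   ip-prefix 198.51.100.10/32
  !
  data-prefix-list PBR-DST
   ! placeholder for the specific destination
   ip-prefix 203.0.113.0/24
  !
 !
 data-policy DP-PBR-TO-CORE
  vpn-list VPN-10
   sequence 10
    match
     source-data-prefix-list PBR-SRC
     destination-data-prefix-list PBR-DST
    !
    action accept
     set
      ! placeholder: core-side address on the second LAN interface in VPN 10
      next-hop 192.0.2.1
     !
    !
   !
   ! without this, traffic in VPN 10 that matches no sequence is dropped
   default-action accept
  !
 !
!
apply-policy
 site-list SITE-DC
  ! from-tunnel: evaluate only traffic received from the SD-WAN tunnels
  data-policy DP-PBR-TO-CORE from-tunnel
 !
!
```

Because the policy is applied per site and per VPN on the controller, it does not attach to individual Tunnel interfaces the way the `service-policy` lines in the question do.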
