Hello dear community,
I have a challenge at my hands. I've designed the policies according to the theories I've learnt. Please validate & let me know if this will work.
Requirement -
1. O365 traffic to breakout from DC1 or DC2. (bulky traffic)
2. Every spoke (vE100m) to have only 1 internet connection with local breakout for internet traffic. (no config pasted in trail. IPSEC connection to Zscaler)
3. Internet is broadband, hence poor quality. Therefore require FEC or Packet duplication for OMP traffic.
4. Need to choose best tunnel based on SLA class towards DC1 or DC2. No hardcoding of TLOC preference.
Below is the config -
tloc-list tl-SDWGW_SITE_TLOCS
 tloc 1.20.0.1 color biz-internet encap ipsec <-- DC1
 tloc 1.60.0.1 color biz-internet encap ipsec <-- DC2
!
sla-class sc-POLICY_COMBO
 loss 2
 latency 50
 jitter 1
!
data-policy dp-POLICY_COMBO
 vpn-list vl-SERVICE_TRUSTED_VPN
  sequence 10
   match
    source-ip 0.0.0.0/0
    app-list al-MICROSOFT_APPS
   !
   action accept
    count O365
    set
     vpn 1
     tloc-list tl-SDWGW_SITE_TLOCS
    !
   !
  !
  sequence 20
   action accept
    loss-protection packet-duplication
   !
  !
  default-action accept
 !
!
app-route-policy arp-POLICY_COMBO
 vpn-list vl-SERVICE_TRUSTED_VPN
  sequence 10
   action
    sla-class sc-POLICY_COMBO
   !
  !
 !
!
control-policy cp-POLICY_COMBO
 sequence 10
  match route
  !
  action accept
   set
    tloc-list tl-SDWGW_SITE_TLOCS
   !
  !
 !
 sequence 20
  match tloc
   tloc-list tl-SDWGW_SITE_TLOCS
  !
  action accept
  !
 !
 default-action reject
!
apply-policy
 site-list sl-POLICY_COMBO
  control-policy cp-CN_HOMED_TYPE_B_IN in
  control-policy cp-POLICY_COMBO out
  data-policy dp-POLICY_COMBO from-service
  app-route-policy arp-POLICY_COMBO
 !
!
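As an added example (not the poster's configuration and not a Cisco tool), here is a small Python linter for an indentation-less policy paste like the one above: it rebuilds the block nesting from the `!` terminators, lists every list or policy that is referenced but never defined in the paste, and flags sequences that carry no match clause and therefore apply to all traffic in their VPN list. The depth table is an assumption about the vSmart CLI grammar, and SAMPLE is a constructed excerpt in the same shape as the post's config.

```python
# Nesting depth of each block-opening keyword in the vSmart policy CLI (assumed grammar).
DEPTH = {"tloc-list": 0, "sla-class": 0, "data-policy": 0, "app-route-policy": 0,
         "control-policy": 0, "apply-policy": 0, "vpn-list": 1, "site-list": 1,
         "sequence": 2, "match": 3, "action": 3, "set": 4}
# Keywords that name another object when they appear inside one of the REF_CTX blocks.
REF_KW = {"tloc-list", "sla-class", "app-list", "vpn-list", "site-list",
          "data-policy", "app-route-policy", "control-policy"}
REF_CTX = {"set", "action", "match", "site-list"}

# Constructed excerpt in the shape of the post's paste: no indentation, "!" closes blocks.
SAMPLE = ("tloc-list tl-SDWGW_SITE_TLOCS\ntloc 1.20.0.1 color biz-internet encap ipsec <-- DC1\n!\n"
          "data-policy dp-POLICY_COMBO\nvpn-list vl-SERVICE_TRUSTED_VPN\nsequence 10\nmatch\n"
          "app-list al-MICROSOFT_APPS\n!\naction accept\nset\ntloc-list tl-SDWGW_SITE_TLOCS\n!\n!\n!\n"
          "sequence 20\naction accept\nloss-protection packet-duplication\n!\n!\n!\n!\n"
          "apply-policy\nsite-list sl-POLICY_COMBO\ncontrol-policy cp-CN_HOMED_TYPE_B_IN in\n")

def lint_policy(text):
    """Rebuild block nesting from a paste; return names referenced but never defined
    and sequences that have no match clause (so they apply to all traffic)."""
    stack, defs, refs, seqs = [], set(), set(), {}
    for raw in text.splitlines():
        line = raw.split("<--")[0].strip()  # drop inline "<-- DC1" style annotations
        if not line:
            continue
        if line == "!":  # "!" closes the innermost open block
            if stack:
                stack.pop()
            continue
        kw, name = (line.split() + [""])[:2]
        inner = stack[-1].split()[0] if stack else None
        if kw in DEPTH and not (kw in REF_KW and inner in REF_CTX):
            del stack[DEPTH[kw]:]  # re-sync depth; also tolerates "!" lines lost in the paste
            stack.append(line)
            if DEPTH[kw] == 0:
                defs.add((kw, name))
            elif kw in ("vpn-list", "site-list"):
                refs.add((kw, name))
            elif kw == "sequence":
                seqs[(stack[0], line)] = False
            elif kw == "match":
                seq = next((s for s in stack if s.startswith("sequence ")), None)
                seqs[(stack[0], seq)] = True
        elif kw in REF_KW:
            refs.add((kw, name))
    return {"undefined": sorted(refs - defs),
            "match_all": sorted(k for k, matched in seqs.items() if not matched)}

if __name__ == "__main__":
    for kind, items in lint_policy(SAMPLE).items():
        print(kind, items)
```

Run over the full paste it reports the objects a reviewer still needs to see before validating the design (the vpn-list, app-list, site-list and the inbound control policy), plus data-policy sequence 20 as a match-all entry.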