cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
354
Views
2
Helpful
6
Replies

Which config will apply: centralized policy or template-based approach

**Hamid**
Level 1
Level 1

Hi,

I have applied a centralized policy for DIA and also created a template, which I applied to a specific location. My question is: Which configuration will ultimately apply to the location?

In general, my question is: When we apply a configuration through a centralized policy and also apply the same configuration via a template, which one takes precedence and will be applied on a cEdge router?

1 Accepted Solution

Accepted Solutions

Hi,

when both are implemented, centralized data policy takes precedence for forwarding. Because in order of operations, it happens first before forwarding decision. It means, traffic on service-side will be put to VPN0 due to nat in centralized policy and router will not check service-side routing table anymore.

Picture is from SDWAN CVD:

KananHuseynli_0-1738200788168.png

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

6 Replies 6

DIA need local policy  not central policy 

MHM

""Direct traffic from service VPN with either a static route or a centralized data policy."" <<- I prefer first op.

MHM

Regarding your message, the question is: When we direct traffic from the service VPN using either a template or a centralized policy, which configuration will ultimately take precedence and apply?

It depends on the functions.

In case of DIA, I think there is no priority.

 

As you know, You can achieve DIA in 2 ways.

1. Feature Template > Service VPN > Static route 

2. Centralized Policy > NAT VPN 0

The only difference is whether It is deployed by vSmart or Local Configuration.

 

* When It comes to Service Side NAT, It needs Centralized policy not only local configuration.

Hi,

when both are implemented, centralized data policy takes precedence for forwarding. Because in order of operations, it happens first before forwarding decision. It means, traffic on service-side will be put to VPN0 due to nat in centralized policy and router will not check service-side routing table anymore.

Picture is from SDWAN CVD:

KananHuseynli_0-1738200788168.png

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Review Cisco Networking for a $25 gift card