Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
353
Views
2
Helpful
6
Replies

Which config will apply: centralized policy or template-based approach

Go to solution
**Hamid**
Level 1
Level 1

‎01-28-2025 04:07 AM

Hi,

I have applied a centralized policy for DIA and also created a template, which I applied to a specific location. My question is: Which configuration will ultimately apply to the location?

In general, my question is: When we apply a configuration through a centralized policy and also apply the same configuration via a template, which one takes precedence and will be applied on a cEdge router?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎01-29-2025 05:33 PM

Hi,

when both are implemented, centralized data policy takes precedence for forwarding. Because in order of operations, it happens first before forwarding decision. It means, traffic on service-side will be put to VPN0 due to nat in centralized policy and router will not check service-side routing table anymore.

Picture is from SDWAN CVD:

KananHuseynli_0-1738200788168.png

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

6 Replies 6

Go to solution
MHM Cisco World
VIP
VIP

‎01-28-2025 04:08 AM

DIA need local policy  not central policy 

MHM

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to **Hamid**

‎01-28-2025 04:32 AM

""Direct traffic from service VPN with either a static route or a centralized data policy."" <<- I prefer first op.

MHM

0 Helpful

Go to solution
**Hamid**
Level 1
Level 1
In response to MHM Cisco World

‎01-28-2025 04:34 AM

Regarding your message, the question is: When we direct traffic from the service VPN using either a template or a centralized policy, which configuration will ultimately take precedence and apply?

Go to solution
Jeongjun Park
VIP
VIP

‎01-29-2025 08:32 AM

It depends on the functions.

In case of DIA, I think there is no priority.

 

As you know, You can achieve DIA in 2 ways.

1. Feature Template > Service VPN > Static route 

2. Centralized Policy > NAT VPN 0

The only difference is whether It is deployed by vSmart or Local Configuration.

 

* When It comes to Service Side NAT, It needs Centralized policy not only local configuration.

0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎01-29-2025 05:33 PM

Hi,

when both are implemented, centralized data policy takes precedence for forwarding. Because in order of operations, it happens first before forwarding decision. It means, traffic on service-side will be put to VPN0 due to nat in centralized policy and router will not check service-side routing table anymore.

Picture is from SDWAN CVD:

KananHuseynli_0-1738200788168.png

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Top