Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
3
Replies

PBR after Site-to -site VPN

Kurt Lei
Level 1
Level 1

‎03-30-2017 07:48 PM - edited ‎03-08-2019 09:59 AM

Dear All

I have a design that is using 2800 router to build site to site VPN to remote site. I would like to create PBR in 2800 router when the traffic from remote site reached. However, I have an question is which interface should apply the PBR. Should it work to do in local PBR ? Thanks all.  

Remote Site - (VPN) - 2800 router - Switch - Server

Kurt

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-30-2017 10:33 PM

You are trying to do PBR on the traffic from the remote site? Put the PBR on the interface that terminates the VPN.

Better yet, use GRE over IPSec which will make doing PBR much more straight forwards.

0 Helpful

Kurt Lei
Level 1
Level 1
In response to Philip D'Ath

‎04-02-2017 10:43 AM

Thanks Philip,

No, I try to do at the Headquarter side. Most likely, remote site will initiate traffic from remote side and headquarter receive the traffic. Can I still do the PBR at the outside interface in headquarter side ? Or do the local PBR instead ?

It is sad that the customer design can't change and that's the only way to do site-to-site VPN in the future.

Kurt

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Kurt Lei

‎04-02-2017 11:49 AM

It is not clear to me what you need to achieve - but you can do PBR on any interface, depending on the features you want to use.

0 Helpful
Customers Also Viewed These Support Documents