PBR after Site-to -site VPN

Kurt Lei · ‎03-30-2017

Dear All

I have a design that is using 2800 router to build site to site VPN to remote site. I would like to create PBR in 2800 router when the traffic from remote site reached. However, I have an question is which interface should apply the PBR. Should it work to do in local PBR ? Thanks all.

Remote Site - (VPN) - 2800 router - Switch - Server

Kurt

Philip D'Ath · ‎03-30-2017

You are trying to do PBR on the traffic from the remote site? Put the PBR on the interface that terminates the VPN.

Better yet, use GRE over IPSec which will make doing PBR much more straight forwards.

Kurt Lei · ‎04-02-2017

Thanks Philip,

No, I try to do at the Headquarter side. Most likely, remote site will initiate traffic from remote side and headquarter receive the traffic. Can I still do the PBR at the outside interface in headquarter side ? Or do the local PBR instead ?

It is sad that the customer design can't change and that's the only way to do site-to-site VPN in the future.

Kurt

Philip D'Ath · ‎04-02-2017

It is not clear to me what you need to achieve - but you can do PBR on any interface, depending on the features you want to use.