1559 Views, 0 Helpful, 5 Replies

Policy based routing on SVI

zeeahmed123
Level 1

Hi All

I have a situation and need some advice if possible.

I have a 6500 series with SUP720-3B and I need to do some kind of PBR so that my outbound traffic to the internet goes via ISP1 and my inbound VPN traffic goes via ISP2. The setup is as follows:

I have two VLANs configured on my switch, VLAN 10 and VLAN 20, which are layer 2 VLANs with no SVIs. In these VLANs I have the respective ISP routers: ISP1 in VLAN 10 and ISP2 in VLAN 20. The firewalls being used are the Cisco ASA 5520 models. For our example I will call them ASA1 for ISP1 and ASA2 for ISP2. Now, ASA1 will be generating a default route into my network using the IP SLA feature, and this default route is what will take the users out to the internet via ISP1. The second ASA will be allowing inbound VPN connections (both remote access VPN and site-to-site VPN traffic).

I want the traffic that comes in via ASA2 to go back out the same way. The question I have is that when the remote access or the site-to-site VPN traffic comes into the network, how will it go back when the default route is pointing to ASA1?

My thoughts were to do PBR on the Catalyst 6500, which is my core switch, but I am not sure where the PBR needs to be applied. Do I apply it to all SVI interfaces of my internal VLANs so that returning traffic is PBR'd to ASA2? The VPN clients and the site-to-site VPN will require access to all the VLANs internally? The Cisco documentation states that the route-map be applied to the SVI of the VLAN from which the traffic is coming in; I am confused and need some advice.

Thanks
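The setup in the post is the classic asymmetric-path problem with stateful firewalls: a VPN flow that enters through ASA2 and is returned via ASA1 hits a firewall with no matching connection entry and is dropped. The following IOS configuration is an added example, not part of the original post or of any accepted solution. It shows where the PBR the poster is asking about goes: PBR on the Catalyst 6500 is an ingress feature, so the route-map is applied to every internal SVI where the return traffic enters the switch, not to the VLAN facing ASA2. The VLAN numbers, the addresses and the VPN prefixes are all assumptions chosen for illustration.

```cisco
! Added example (not from the original post). Assumed addressing:
!   VLAN 100 and VLAN 200: internal user/server VLANs with SVIs on the 6500
!   VLAN 30: inside segment shared with ASA2; ASA2 inside address = 10.0.30.2
!   192.168.100.0/24: remote-access VPN client pool terminated on ASA2
!   172.16.50.0/24:   LAN of the site-to-site VPN peer reached through ASA2
!
! Match traffic whose DESTINATION is one of the networks that ASA2 terminates.
ip access-list extended VPN-RETURN-TO-ASA2
 permit ip any 192.168.100.0 0.0.0.255
 permit ip any 172.16.50.0 0.0.0.255
!
! Matching packets are forwarded to ASA2's inside address. Packets that do
! not match fall through to normal routing, i.e. the IP SLA-tracked default
! route learned from ASA1.
route-map PBR-VPN-RETURN permit 10
 match ip address VPN-RETURN-TO-ASA2
 set ip next-hop 10.0.30.2
!
! PBR acts on packets entering an interface, so the policy goes on each
! internal SVI from which return traffic arrives.
interface Vlan100
 description Users
 ip address 10.0.100.1 255.255.255.0
 ip policy route-map PBR-VPN-RETURN
!
interface Vlan200
 description Servers
 ip address 10.0.200.1 255.255.255.0
 ip policy route-map PBR-VPN-RETURN
!
! The SVI towards ASA2 needs no policy; it just provides the next hop.
interface Vlan30
 description Inside segment towards ASA2
 ip address 10.0.30.1 255.255.255.0
!
! Verification: match counters and the interface-to-policy mapping.
show route-map PBR-VPN-RETURN
show ip policy
```

Two caveats for anyone copying this. First, because the selection above is purely by destination prefix, ordinary static routes for 192.168.100.0/24 and 172.16.50.0/24 pointing at 10.0.30.2 would achieve the same result without PBR; PBR only becomes necessary when the decision depends on something routing cannot express, such as the source VLAN. Second, the route-map must be applied to every SVI the VPN users are allowed to reach; any internal VLAN without it will still return traffic via ASA1, and that flow will be dropped there for lack of a connection entry.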

2 Accepted Solutions