Policy based VPN at Cisco Side and Route based VPN at another OEM

Anil Ku
Level 1

Hello Team,

Is it possible?

Kindly advise.

Best Regards

Anil Singh

5 Replies

@Anil Ku 

That does not work.

Why do you need to do that? Most Cisco devices (depending on which version of software you are running) support route based VPNs.

I am not asking about Cisco to Cisco.

Cisco to another vendor like Check Point, Juniper, etc.

@Anil Ku 

I know you are not, but you said you want to run policy based VPN on the Cisco device and I suggested that you can run route based VPN on all Cisco devices. So run route based VPN on both devices, regardless of what the peer device is.

And if one side is route based and the other side is policy based, or vice versa, will it work or not?

nagrajk1969
Spotlight

1. On the vpn-peergw (say the Cisco router) that has been configured with route-based VPN, the implicit policy (or, as you say, traffic-selectors) is:

Local <> Remote: 0.0.0.0/0 <> 0.0.0.0/0

2. So in the remote VPN-Peergw that has been configured for Policy-Based VPN, it should work if you configure the policy-traffic-selectors as below.

Local <> Remote: 0.0.0.0/0 <> 0.0.0.0/0

Or

Local <> Remote: ANY <> ANY


Note: This may not be supported in all policy-based VPN gateways... so if supported, configure the policy as below, and it should now be compatible to establish with the route-based VPN peer.
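
Added example, not part of the thread or of any poster's reply: a small Python check of the compatibility rule described in the last reply, comparing a policy-based gateway's traffic selectors against the route-based peer's implicit 0.0.0.0/0 <> 0.0.0.0/0. It assumes the selectors must mirror each other exactly (no narrowing) and IPv4 only; the function names and the 10.x sample policies are constructed for illustration.

```python
import ipaddress

# Implicit selector of the route-based peer, as stated in the reply above.
ANY = ipaddress.ip_network("0.0.0.0/0")
ROUTE_BASED = (ANY, ANY)  # (local, remote)

def parse_selector(line):
    """Parse 'Local <> Remote: A <> B' (the thread's notation, IPv4 only)."""
    pair = line.rpartition(":")[2]
    parts = [p.strip() for p in pair.split("<>")]
    if len(parts) != 2:
        raise ValueError(f"not a selector line: {line!r}")
    def to_net(text):
        # 'ANY' is treated as an alias for 0.0.0.0/0, as in the reply.
        return ANY if text.upper() == "ANY" else ipaddress.ip_network(text)
    return to_net(parts[0]), to_net(parts[1])

def check_policy(line, route_based=ROUTE_BASED):
    """Compare one policy-based selector with the route-based peer's.

    The policy side's local must equal the route side's remote and vice
    versa (assumption: selectors must mirror exactly, no narrowing).
    Returns (ok, list_of_problems).
    """
    local, remote = parse_selector(line)
    rb_local, rb_remote = route_based
    problems = []
    if local != rb_remote:
        problems.append(f"local {local} != peer remote {rb_remote}")
    if remote != rb_local:
        problems.append(f"remote {remote} != peer local {rb_local}")
    return (not problems, problems)

# Constructed sample policies for the policy-based gateway. Only the
# 0.0.0.0/0 and ANY forms come from the reply; the 10.x ones are made up.
SAMPLE_POLICIES = [
    "Local <> Remote: 0.0.0.0/0 <> 0.0.0.0/0",
    "Local <> Remote: ANY <> ANY",
    "Local <> Remote: 10.1.0.0/24 <> 10.2.0.0/24",
    "Local <> Remote: 10.1.0.0/24 <> ANY",
]

if __name__ == "__main__":
    for policy in SAMPLE_POLICIES:
        ok, problems = check_policy(policy)
        print("OK      " if ok else "MISMATCH", policy, "; ".join(problems))
```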