Hello! Having an issue where I am unable to access or ping servers on the remote sides through a site to site tunnel.
Here's the setup –
Site A –
Cisco 861 10.1.1.1/24 network
UC500 172.16.4.1/24 (phones)
Site B –
Cisco UC520 10.0.0.1/24 (data side) 172.16.6.1/24 (phones)
At Site A when trying to access a server with port 3389 opened to the outside world at Site B, I cannot ping or access it using its internal IP. I can however ping or access other systems/devices that do not have any ports forwarded to them. Also, this is true for both sides of the tunnel.
Any help is greatly appreciated!!
Hi!
Please make the following changes:
Site A:
interface loopback 10
ip address 1.254.254.1 255.255.255.252
exit
!
ip access-list extended NAT_BYPASS_VPN
permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.6.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 172.16.6.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 172.16.6.0 0.0.0.255
exit
!
route-map INSIDE_ROUTE-MAP permit 10
set ip next-hop 1.254.254.2
match ip address NAT_BYPASS_VPN
exit
!
interface Vlan1
ip policy route-map INSIDE_ROUTE-MAP
exit
!
ip access-list extended SDM_1
no permit ip host 10.1.1.23 0.0.0.0 255.255.255.0
no permit ip host 98.x.x.133 10.0.0.0 0.0.0.255
no permit ip 98.x.x.0 0.0.0.255 10.0.0.0 0.0.0.255
!
Site B:
ip access-list extended NAT_BYPASS_VPN
permit ip 172.16.6.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 192.168.3.0 0.0.0.255
exit
!
interface loopback 10
ip address 1.254.254.1 255.255.255.252
exit
!
route-map INSIDE_ROUTE-MAP permit 10
set ip next-hop 1.254.254.2
match ip address NAT_BYPASS_VPN
exit
!
interface BVI1
ip policy route-map INSIDE_ROUTE-MAP
!
interface BVI100
ip policy route-map INSIDE_ROUTE-MAP
!
Let me know how it works and remember that entries are evaluated in order of their sequence numbers until the first match occurs. If no match is found, packets are routed normally.
Portu.
Please rate if you find it helpful.
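Added check, not part of the thread: a small evaluator for the two NAT_BYPASS_VPN ACLs above that applies the first-match rule Portu describes (no match means the implicit deny, so the packet is routed and NATed normally) and reports any Site A permit whose return direction is not permitted at Site B, since a one-way bypass is what produces traffic that works in only one direction. The function names are mine; the ACL text is copied from the answer.

```python
import ipaddress
# Both NAT_BYPASS_VPN ACLs from the answer, as constructed input
# (IOS syntax: permit ip SRC WILDCARD DST WILDCARD).
SITE_A_ACL = """\
permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.6.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 172.16.6.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 172.16.6.0 0.0.0.255"""
SITE_B_ACL = """\
permit ip 172.16.6.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 192.168.3.0 0.0.0.255"""

def wildcard_to_network(addr, wildcard):
    # An IOS wildcard is an inverted netmask (contiguous wildcards only here).
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)

def parse_acl(text):
    # Keep only 'permit|deny ip SRC WC DST WC' entries, in configured order.
    entries = []
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) == 6 and fields[1] == "ip":
            entries.append((fields[0], wildcard_to_network(*fields[2:4]),
                            wildcard_to_network(*fields[4:6])))
    return entries

def acl_action(entries, src, dst):
    # First match wins; no match is the implicit deny (packet routed normally).
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def asymmetric_flows(acl_a, acl_b):
    # Site A permits whose return direction (dst -> src) is not permitted at Site B.
    return [(str(sn), str(dn)) for act, sn, dn in acl_a if act == "permit"
            and acl_action(acl_b, str(dn.network_address), str(sn.network_address)) != "permit"]
```

Run `asymmetric_flows(parse_acl(SITE_A_ACL), parse_acl(SITE_B_ACL))` after editing either ACL; an empty list means every bypassed flow has its mirror on the far side.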
That did the trick, thanks so much for the help!!
You are very welcome
Take care!!