Policy Based Forwarding


L1 Bithead

We have a branch in a different state to which we have a DS3 MPLS circuit. We and our branch office have our own ISP connections for Internet access. I would like to have redundancy built between both of our companies through an IPSec VPN tunnel in the event the DS3 goes down. So my question is: can I use PBFs to achieve the redundancy? Is PBF capable of monitoring the next-hop link and failing over to the next PBF? Can anyone suggest which path I should take to achieve automatic failover from my DS3 to the IPSec VPN tunnel?

2 REPLIES

L4 Transporter

If the IPSEC tunnel is the backup and the MPLS link is the preferred route, then do the following.

1) Set the routing table to choose the tunnel as the best route.

2) Configure a PBF rule that sends traffic out the MPLS link

-- The PBF needs to monitor the next hop or a device along the MPLS path

-- You cannot use PBF to redirect traffic that originates/terminates on the Palo Alto

For example:

If your IPSEC tunnel uses eth1 as an endpoint and exits eth1 to build that tunnel, PBF cannot be used to redirect the eth1 IPSEC out eth2 instead.

Steve Krall
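The forwarding decision described in the reply above, as an added example that is not part of the original post and is a simplified model rather than PAN-OS configuration. The interface names, prefixes, and the three-probe threshold are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Monitor:
    """Tracks consecutive failed probes of the MPLS next hop (threshold is assumed)."""
    threshold: int = 3
    failures: int = 0

    def probe(self, reply_received: bool) -> None:
        # A single reply resets the counter; misses accumulate.
        self.failures = 0 if reply_received else self.failures + 1

    @property
    def up(self) -> bool:
        return self.failures < self.threshold


@dataclass
class PbfRule:
    destination: str   # prefix the rule matches (hypothetical branch subnet)
    egress: str        # interface matching traffic is forced out of
    monitor: Monitor


# Constructed sample table for step 1: the routing table prefers the tunnel.
ROUTES = {"10.2.0.0/16": "tunnel.1", "0.0.0.0/0": "ethernet1/1"}


def route_lookup(dst: str) -> str:
    """Longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    nets = (ipaddress.ip_network(p) for p in ROUTES)
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def forward(dst: str, rules: list, from_firewall: bool = False) -> str:
    """Step 2: PBF overrides the routing table only while its monitor is up."""
    if not from_firewall:  # PBF does not apply to the firewall's own traffic
        addr = ipaddress.ip_address(dst)
        for rule in rules:
            if addr in ipaddress.ip_network(rule.destination) and rule.monitor.up:
                return rule.egress
    # Rule absent, disabled by its monitor, or firewall-originated traffic.
    return route_lookup(dst)
```

When the monitor recovers, the same lookup returns the MPLS interface again, so failback needs no routing change.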

L3 Networker

I am looking for this exact configuration. Were you able to get it working as expected using PBF?
