Wednesday, June 5, 2019

Cisco ASA: Service-policy on a Tunnel Interface?

Is it possible to do something like below:

service-policy tcp_bypass_policy Tunnel2

service-policy tcp_bypass_policy inside

The service-policy on a physical interface works fine, but when I want to apply this to a Tunnel interface the option is not available. Not sure if it's a bug, or a known "does not work".

The reasoning behind this is that we want to have dual VPN tunnels from an ASA to Azure (active-active VPNs to minimise downtime), but are struggling to get this working over VTIs. With physical interfaces we could group interfaces into "zones", but you cannot do that with VTIs, so was hoping to achieve the same by using tcp_bypass.


