Network — Policy Based Routing

DeveloperSpace, published in Nerd For Tech, Apr 21, 2021

Policy-based routing steers traffic toward a specific destination by creating a policy on the firewall, instead of relying on the routing table alone. A site-to-site VPN is a good case in which to deploy Policy Based Routing (PBR).

Consider a site-to-site VPN between two data centers.

The Data Center A firewall has the public peer IP address 1.1.1.1, and its traffic is NATed to that public IP address to reach the server with IP 10.1.1.1 hosted in Data Center B over the site-to-site VPN.

The Data Center B firewall's public IP address is 2.2.2.2.

Data Center A sends its traffic sourced from its public IP. The Data Center B firewall would therefore send the response toward the internet, because the default route is the only route it has to that public IP, while the request arrived through the VPN tunnel. To avoid this asymmetric routing, we use Policy Based Routing to send the return traffic via the VPN.

How?

We will create a forwarding policy on the firewall with source set to any, destination set to 1.1.1.1, and the site-to-site VPN tunnel as the destination interface. Any traffic destined for 1.1.1.1 is then routed via the site-to-site VPN tunnel, and the asymmetric routing is fixed.

This was tested on a Palo Alto firewall.
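To make the forwarding decision concrete, here is an added simulation of the Data Center B firewall's egress choice; it is example code written for this page, not PAN-OS configuration or the author's own material. It assumes a constructed topology (ethernet1/1 toward the internet, ethernet1/2 toward the 10.1.1.0/24 server LAN, tunnel.1 as the VPN) and models the general rule that a policy-based forwarding entry is evaluated before the routing table's longest-prefix match. It checks whether the reply to 1.1.1.1 leaves on the same interface the request came in on, with and without the forwarding policy described above.

```python
import ipaddress

# Constructed topology for the Data Center B firewall (assumed, not from the post):
#   ethernet1/1 -> internet (default route)
#   ethernet1/2 -> server LAN 10.1.1.0/24
#   tunnel.1    -> site-to-site VPN to Data Center A
ROUTING_TABLE = [
    ("0.0.0.0/0", "ethernet1/1"),
    ("10.1.1.0/24", "ethernet1/2"),
]

# Forwarding policy from the post: source any, destination 1.1.1.1, egress = VPN tunnel.
# Policy rules are consulted before the routing table.
PBF_RULES = [
    {"source": "0.0.0.0/0", "destination": "1.1.1.1/32", "egress": "tunnel.1"},
]


def routing_table_lookup(dst, table=ROUTING_TABLE):
    """Longest-prefix match over the static routing table; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def egress_interface(src, dst, pbf_rules=PBF_RULES, table=ROUTING_TABLE):
    """First matching policy rule wins; otherwise fall back to the routing table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in pbf_rules:
        if s in ipaddress.ip_network(rule["source"]) and d in ipaddress.ip_network(rule["destination"]):
            return rule["egress"]
    return routing_table_lookup(dst, table)


def check_reply_symmetry(ingress_iface, client_ip, server_ip, pbf_rules=PBF_RULES, table=ROUTING_TABLE):
    """A request arrived on ingress_iface from client_ip to server_ip.
    Return (reply_egress, symmetric): symmetric is True when the reply
    leaves on the interface the request came in on."""
    reply_egress = egress_interface(server_ip, client_ip, pbf_rules, table)
    return reply_egress, reply_egress == ingress_iface


if __name__ == "__main__":
    # Request from Data Center A (1.1.1.1) to the server (10.1.1.1) came in on tunnel.1.
    for label, rules in (("without PBF", []), ("with PBF", PBF_RULES)):
        egress, ok = check_reply_symmetry("tunnel.1", "1.1.1.1", "10.1.1.1", rules)
        print(f"{label}: reply 10.1.1.1 -> 1.1.1.1 leaves via {egress}; symmetric={ok}")
```

Without the policy the reply to 1.1.1.1 matches only the default route and leaves via ethernet1/1, which is the asymmetry the post describes; with the policy it leaves via tunnel.1. The `source` field is there so the rule can be scoped more tightly than "any" (for example to 10.1.1.0/24) when only the server's replies should be steered into the tunnel.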
