【WANO】Unable To Access Peer Side With Sangfor VPN Due To PBR
Issue Description
Unable to access to peer side even with Sangfor VPN built-up
Error/Warning Information
- Original environment was using MPLS
- Original settings was route to peer side by using Policy-based Route(PBR)
- After unplug MPLS link, traffic unable to access to peer side
- Confirmed that Sangfor VPN is built-up
Handling Process
Root Cause
Policy-based Route priority is always higher than VPN route. From above scenario, it is due to the PBR has higher priority and the traffic matched with the PBR first, causing the traffic to route to the MPLS first.
Solution
Remove the PBR or make necessary adjustment to not include LAN segment to prevent the traffic matches PBR first.
**Note ***
Route priority for Sangfor WANO:
- Policy-based Route
- Static/Direct Route
- unnel Route
- VPN Route
Note: Route priority may vary with different Sangfor Product.