Configuring Policies for BoD Traffic Destined for VPNs

You can manage policies with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a policy for a BoD service associated with a VPN (a VPN policy):

  1. Copy the policy for the BoD service in the directory.
  2. Rename the policy you copied to a similar name that indicates this policy is the VPN version; for example, you can use <bodPolicy>Vpn, where <bodPolicy> is the name of the BoD policy.

    For example, if the name of the original policy is bod, rename the service you copied to bodVpn.

  3. Add a new local parameter (the name is arbitrary, for example vpnName) of type Routing Instance to the VPN policy.
  4. Add a new action of type RoutingInstanceAction to the input policy rule, and specify a Routing Instance of vpnName for this action.
  5. Save the VPN policy.

For a sample VPN policy, see policyGroupName=bodVpn, ou=entjunos, o=Policies, o=umc in the sample data. In the sample BoD policies, substitutions in services rename policy parameters to names required by Enterprise Manager Portal.