04-24-2012 08:46 AM
I inherited this network, and it was using Zscaler. The config still points to that, but subscription is no longer valid, so I just need to remove the Zscaler portion. An suggestions? Here is a snipped of my config:
set match-group name zscaler_http
set match-group zscaler_http ext-acl 10 match-entry 100
set match-group name vpn-http
set match-group vpn-http ext-acl 20 match-entry 100
set action-group name zscaler_http_gre
set action-group zscaler_http_gre next-interface tunnel.7 action-entry 10
set action-group zscaler_http_gre next-interface tunnel.8 action-entry 20
set action-group name vpn-http
set action-group vpn-http next-interface ethernet0/0 action-entry 10
set pbr policy name zscaler_http_gre
set pbr policy zscaler_http_gre match-group vpn-http action-group vpn-http 5
set pbr policy zscaler_http_gre match-group zscaler_http action-group zscaler_http_gre 10 exit
set interface ethernet0/8 pbr zscaler_http_gre
My apologies if I posted in wrong forum.
Solved! Go to Solution.
05-07-2012 01:31 PM
We use Zscaler on many of our remote sites using GRE tunnels. The last light basically removes the PBR policy from being bound to the interface. If you care to remove the rest of those entries, you can find them by going to Network | Routing | PBR and remove all entries from Extended ACL, Match Group, Action Group and Policy. The Policy binding will probably not reference the Zscaler policy since you removed it.