This example shows the complete policy for all of the configuration that was performed in Chapters 6 and 7.
policy
 control-policy DC_Inbound_Control_Policy
  sequence 1
   match tloc
    originator 10.0.10.1
   !
   action accept
    set
     preference 500
    !
   !
  !
  sequence 11
   match tloc
    originator 10.0.10.2
   !
   action accept
    set
     preference 400
    !
   !
  !
  sequence 21
   match tloc
    originator 10.0.20.1
   !
   action accept
    set
     preference 500
    !
   !
  !
  sequence 31
   match tloc
    originator 10.0.20.2
   !
   action accept
    set
     preference 400
    !
   !
  !
  sequence 41
   match route
    vpn-list SERVICE_VPN
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    export-to vpn-list CLIENT_VPNS
    set
     omp-tag 100
    !
   !
  !
  default-action accept
 !
 control-policy North_America_Reg_Mesh_with_FW
  sequence 1
   match tloc
    site-list DCs
   !
   action accept
   !
  !
  sequence 11
   match tloc
    site-list North_America_Branches
   !
   action accept
   !
  !
  sequence 21
   match route
    prefix-list Default_Route
    site-list North_America_DC
   !
   action accept
    set
     preference 100
    !
   !
  !
  sequence 31
   match route
    site-list DCs
    prefix-list _AnyIpv4PrefixList
   !
   action accept
   !
  !
  sequence 41
   match route
    site-list North_America_Branches
    prefix-list _AnyIpv4PrefixList
   !
   action accept
   !
  !
  sequence 51
   match route
    site-list Europe_Branches
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    set
     service FW
    !
   !
  !
  default-action reject
 !
 vpn-membership vpnMembership_373293275
  sequence 10
   match
    vpn-list CLIENT_VPNS
   !
   action accept
   !
  !
  sequence 20
   match
    vpn-list CorporateVPN
   !
   action accept
   !
  !
  sequence 30
   match
    vpn-list SERVICE_VPN
   !
   action accept
   !
  !
  sequence 40
   match
    vpn-list PCI_VPN
   !
   action accept
   !
  !
  default-action reject
 !
 control-policy Euro_Reg_Mesh_with_FW_MultiTopo
  sequence 1
   match tloc
    site-list DCs
   !
   action accept
   !
  !
  sequence 11
   match tloc
    site-list Europe_Branches
   !
   action accept
   !
  !
  sequence 21
   match route
    prefix-list Default_Route
    site-list Europe_DC
   !
   action accept
    set
     preference 100
    !
   !
  !
  sequence 31
   match route
    site-list DCs
    prefix-list _AnyIpv4PrefixList
   !
   action accept
   !
  !
  sequence 41
   match route
    site-list Europe_Branches
    vpn-list CorporateVPN
    prefix-list _AnyIpv4PrefixList
   !
   action accept
   !
  !
  sequence 51
   match route
    site-list Europe_Branches
    vpn-list PCI_VPN
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    set
     tloc-list Europe_DC_TLOCs
    !
   !
  !
  sequence 61
   match route
    site-list North_America_Branches
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    set
     service FW
    !
   !
  !
  default-action reject
 !
 control-policy Branch_Extranet_Route_Leaking
  sequence 1
   match route
    vpn 101
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    export-to vpn-list SERVICE_VPN
    set
     omp-tag 101
    !
   !
  !
  sequence 11
   match route
    vpn 102
    prefix-list _AnyIpv4PrefixList
   !
   action accept
    set
     omp-tag 102
    !
    export-to vpn-list SERVICE_VPN
   !
  !
  default-action accept
 !
 data-policy _CorporateVPN_Branch_-1923459860
  vpn-list CorporateVPN
   sequence 1
    match
     app-list AUDIO_VIDEO_APPS
     source-ip 0.0.0.0/0
    !
    action accept
     count CORP_AUDIO_VIDEO_199743323
     loss-protect fec-adaptive
     loss-protection forward-error-correction adaptive
     set
      local-tloc-list
       color mpls
     !
    !
   !
   sequence 11
    match
     destination-data-prefix-list INTERNAL_ADDRESSES
    !
    action accept
     count INTERNAL_PCKTS_199743323
    !
   !
   sequence 21
    match
     app-list TRUSTED_APPS
     source-ip 0.0.0.0/0
    !
    action accept
     nat use-vpn 0
     nat fallback
     count CORP_DCA_199743323
    !
   !
   sequence 31
    match
     app-list YouTube
     source-ip 0.0.0.0/0
    !
    action accept
     count CORP_YOUTUBE_199743323
     set
      local-tloc-list
       color biz-internet
       encap ipsec
     !
    !
   !
   sequence 41
    match
     app-list Facebook
     source-ip 0.0.0.0/0
    !
    action accept
     count CORP_FACEBOOK_199743323
     set
      vpn 1
      tloc-list Europe_DC_INET_TLOCS
     !
    !
   !
   sequence 51
    match
     app-list Google_Apps
     source-ip 0.0.0.0/0
    !
    action accept
     count UMBRELLA_PCKTS_199743323
     set
      service IDP local
     !
    !
   !
   default-action accept
  !
  vpn-list PCI_VPN
   sequence 1
    match
     source-data-prefix-list PAYMENT_SERVERS
    !
    action accept
     count PCI_PCKTS_-1949123913
     set
      local-tloc-list
       color mpls
     !
     loss-protect pkt-dup
     loss-protection packet-duplication
    !
   !
   sequence 11
    match
     destination-data-prefix-list PAYMENT_SERVERS
    !
    action accept
     count PCI_PCKTS_-1949123913
     set
      local-tloc-list
       color mpls
     !
     loss-protect pkt-dup
     loss-protection packet-duplication
    !
   !
   default-action accept
  !
  vpn-list GUEST_ACCESS_VPN
   sequence 1
    match
     destination-data-prefix-list BOGON_ADDR
    !
    action drop
     count GUEST_DROPPED_PKTS_-939522740
    !
   !
   sequence 11
    match
     source-ip 0.0.0.0/0
    !
    action accept
     nat use-vpn 0
     count GUEST_DIA_PKTS_-939522740
    !
   !
   default-action drop
  !
 data-policy _CorporateVPN_DC_Corp_1741652260
  vpn-list CorporateVPN
   sequence 1
    match
     app-list AUDIO_VIDEO_APPS
     source-ip 0.0.0.0/0
    !
    action accept
     count CORP_AUDIO_VIDEO_-430111853
     loss-protect fec-adaptive
     loss-protection forward-error-correction adaptive
     set
      local-tloc-list
       color mpls
     !
    !
   !
   default-action accept
  !
  vpn-list PCI_VPN
   sequence 1
    match
     source-data-prefix-list PAYMENT_SERVERS
    !
    action accept
     count PCI_PCKTS_1715988207
     set
      local-tloc-list
       color mpls
     !
     loss-protect pkt-dup
     loss-protection packet-duplication
    !
   !
   sequence 11
    match
     destination-data-prefix-list PAYMENT_SERVERS
    !
    action accept
     count PCI_PCKTS_1715988207
     set
      local-tloc-list
       color mpls
     !
     loss-protect pkt-dup
     loss-protection packet-duplication
    !
   !
   default-action accept
  !
 lists
  app-list AUDIO_VIDEO_APPS
   app-family audio-video
   app-family audio_video
  !
  app-list Facebook
   app facebook
   app facebook_messenger
   app fbcdn
   app facebook_mail
   app facebook_live
  !
  app-list Google_Apps
   app android-updates
   app blogger
   app chrome_update
   app gcs
   app gmail
   app gmail_mobile
   app gmail_basic
   app gmail_basic
   app gmail_chat
   app gmail_drive
   app gmail_mobile
   app google_picasa
   app google_desktop
   app google_cache
   app google_play_music
   app google
   app google_translate
   app google_groups
   app google_localguides
   app google_gen
   app gmail_drive
   app google_calendar
   app google_classroom
   app google_skymap
   app google_tags
   app google_maps
   app gcs
   app google_code
   app google_toolbar
   app gstatic
   app google_spaces
   app google_accounts
   app google_sprayscape
   app google-services
   app google-services-audio
   app google-services-media
   app google-services-video
   app google_accounts
   app google_ads
   app google_analytics
   app google_appengine
   app google_cache
   app google_calendar
   app google_code
   app google_desktop
   app google_docs
   app google_photos
   app google-docs
   app google-downloads
   app google_earth
   app google_earth
   app google-earth
   app google_groups
   app google_maps
   app google_photos
   app google_picasa
   app picasa
   app google_play
   app google-play
   app google_plus
   app google-plus
   app google_plus
   app google_safebrowsing
   app google_skymap
   app google_spaces
   app google_tags
   app google_toolbar
   app google_translate
   app google_trusted_store
   app google_weblight
   app googlebot
   app gstatic
   app gtalk
   app gtalk-chat
   app gmail_chat
   app gtalk-ft
   app gtalk-video
   app gtalk-voip
   app hangouts
   app hangouts-audio
   app hangouts-chat
   app hangouts-file-transfer
   app hangouts-media
   app hangouts-video
   app youtube
   app youtube_hd
   app youtube_hd
  !
  app-list TRUSTED_APPS
   app webex-meeting
   app webex_weboffice
   app webex
  !
  app-list YouTube
   app youtube
   app youtube_hd
  !
  data-prefix-list BOGON_ADDR
   ip-prefix 10.0.0.0/8
   ip-prefix 100.64.0.0/10
   ip-prefix 127.0.0.0/8
   ip-prefix 172.16.0.0/12
   ip-prefix 192.168.0.0/16
  !
  data-prefix-list INTERNAL_ADDRESSES
   ip-prefix 10.0.0.0/8
  !
  data-prefix-list PAYMENT_SERVERS
   ip-prefix 10.2.10.0/24
  !
  prefix-list Default_Route
   ip-prefix 0.0.0.0/0
  !
  site-list BranchOffices
   site-id 100-199
  !
  site-list DCs
   site-id 10-50
  !
  site-list Europe_Branches
   site-id 102-103
  !
  site-list Europe_DC
   site-id 20
  !
  site-list North_America_Branches
   site-id 101
  !
  site-list North_America_DC
   site-id 10
  !
  tloc-list Europe_DC_INET_TLOCS
   tloc 10.0.20.1 color biz-internet encap ipsec preference 500
   tloc 10.0.20.2 color biz-internet encap ipsec preference 400
  !
  tloc-list Europe_DC_TLOCs
   tloc 10.0.20.1 color mpls encap ipsec
   tloc 10.0.20.1 color biz-internet encap ipsec
   tloc 10.0.20.2 color mpls encap ipsec
   tloc 10.0.20.2 color biz-internet encap ipsec
  !
  vpn-list CLIENT_VPNS
   vpn 101
   vpn 102
  !
  vpn-list CorporateVPN
   vpn 1
  !
  vpn-list GUEST_ACCESS_VPN
   vpn 3
  !
  vpn-list PCI_VPN
   vpn 2
  !
  vpn-list SERVICE_VPN
   vpn 100
  !
  prefix-list _AnyIpv4PrefixList
   ip-prefix 0.0.0.0/0 le 32
  !
 !
!
apply-policy
 site-list Europe_Branches
  control-policy Euro_Reg_Mesh_with_FW_MultiTopo out
 !
 site-list BranchOffices
  data-policy _CorporateVPN_Branch_-1923459860 from-service
  control-policy Branch_Extranet_Route_Leaking in
  vpn-membership vpnMembership_373293275
 !
 site-list DCs
  data-policy _CorporateVPN_DC_Corp_1741652260 from-service
  control-policy DC_Inbound_Control_Policy in
 !
 site-list North_America_Branches
  control-policy North_America_Reg_Mesh_with_FW out
 !
!
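
When reviewing a policy of this size for segmentation, two things are worth listing mechanically: what each policy does with unmatched routes or traffic (default-action), and where routes are leaked between VPNs (export-to). The Python below is an added example, not code from the book or from Cisco tooling; the function name audit and the shortened SAMPLE excerpt are assumptions made for illustration.

```python
# Added example: review aid for a centralized policy, not Cisco tooling.
# SAMPLE is a constructed excerpt: stanzas taken from the listing above and
# shortened (counters, loss protection and some sequences are omitted).
SAMPLE = """
policy
 control-policy Branch_Extranet_Route_Leaking
  sequence 1 match route vpn 101 prefix-list _AnyIpv4PrefixList !
   action accept export-to vpn-list SERVICE_VPN set omp-tag 101 ! ! !
  default-action accept !
 data-policy _CorporateVPN_Branch_-1923459860
  vpn-list PCI_VPN
   sequence 1 match source-data-prefix-list PAYMENT_SERVERS !
    action accept set local-tloc-list color mpls ! ! !
   default-action accept !
  vpn-list GUEST_ACCESS_VPN
   sequence 1 match destination-data-prefix-list BOGON_ADDR ! action drop ! !
   default-action drop !
 lists
  vpn-list SERVICE_VPN vpn 100 !
"""

POLICY_KINDS = {"control-policy", "data-policy", "vpn-membership"}

def audit(text):
    """Return (defaults, leaks) found before the lists/apply-policy sections.

    defaults: (policy kind, policy name, data-policy vpn-list or None, action)
    leaks:    (policy name, sequence number, target vpn-list of export-to)
    """
    tok = text.split()   # whitespace only, so flattened or indented text both work
    kind = name = scope = seq = None
    defaults, leaks = [], []
    for i, t in enumerate(tok):
        nxt = tok[i + 1] if i + 1 < len(tok) else None
        if t in ("lists", "apply-policy"):
            break        # list definitions and attachments are not audited here
        if t in POLICY_KINDS:
            kind, name, scope, seq = t, nxt, None, None
        elif (t == "vpn-list" and kind == "data-policy"
              and tok[i + 2:i + 3] in (["sequence"], ["default-action"])):
            scope = nxt  # start of a per-VPN block inside a data policy
        elif t == "sequence":
            seq = int(nxt)
        elif t == "export-to" and nxt == "vpn-list" and i + 2 < len(tok):
            leaks.append((name, seq, tok[i + 2]))
        elif t == "default-action":
            defaults.append((kind, name, scope, nxt))
    return defaults, leaks
```

Because the walker splits on whitespace only, the full listing above can be passed to audit() unchanged.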