Dear all,
I am facing the following challenge: I have a site-to-site VPN between two Check Points and would like to migrate traffic to a different connectivity solution on a subnet-by-subnet basis.
Here is the scenario.
Encryption domain 1: 10.1.0.0/16
Encryption domain 2: 10.2.0.0/16
Both sites are now also connected to a backbone from our provider, and I am advertising 10.1.1.0/24 from one site into the backbone and 10.2.1.0/24 from the other site (I had to exclude these subnets from the encryption domains).
These two subnets can now talk to each other via the backbone (no VPN), but of course they have lost connectivity to all other subnets in the encryption domain; for example, 10.1.0.1 cannot talk to 10.2.2.1 anymore.
I was wondering if I could leverage policy-based routing to get around the issue, as I would like to migrate to the backbone on a subnet-by-subnet basis.
Ideally I would do:
if traffic source = 10.1.1.0/24 and
destination = 10.2.1.0/24, go to backbone;
else go to VPN.
Is this at all possible?
Thanks
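Added example (not from the post or from Check Point): a small model of the path selection described above, written to check what the desired policy-based routing rule would do before touching a gateway. It keeps the two /16 encryption domains from the post intact and layers a hypothetical ordered rule table on top, so a migrated subnet pair goes to the backbone while every other pair still falls through to the VPN. The rule table, the `select_path` and `check_symmetry` helpers and the "no-path" result are my own assumptions, not vendor behaviour; the symmetry check is there because a pair of subnets that takes the backbone in one direction and the VPN in the other will be dropped by stateful inspection on the return path.

```python
import ipaddress
from typing import List, NamedTuple

# Encryption domains as stated in the post (left whole, nothing excluded).
ENC_DOMAIN_SITE1 = ipaddress.ip_network("10.1.0.0/16")
ENC_DOMAIN_SITE2 = ipaddress.ip_network("10.2.0.0/16")


class PbrRule(NamedTuple):
    """One hypothetical policy-based routing rule: match source and destination."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    next_hop: str  # "backbone" or "vpn"


def migrate_subnet_pair(rules: List[PbrRule], site1_subnet: str, site2_subnet: str) -> None:
    """Add a subnet pair to the backbone in BOTH directions (assumed migration step).

    Both directions are added at once so that forward and return traffic take the
    same path; the post only spells out one direction.
    """
    s1 = ipaddress.ip_network(site1_subnet)
    s2 = ipaddress.ip_network(site2_subnet)
    rules.append(PbrRule(s1, s2, "backbone"))
    rules.append(PbrRule(s2, s1, "backbone"))


# Constructed rule table: the one subnet pair the post has already moved.
PBR_RULES: List[PbrRule] = []
migrate_subnet_pair(PBR_RULES, "10.1.1.0/24", "10.2.1.0/24")


def select_path(src_ip: str, dst_ip: str, rules: List[PbrRule] = PBR_RULES) -> str:
    """Return "backbone", "vpn" or "no-path" for a flow.

    Order matters: the specific PBR rules are evaluated first, then the flow is
    checked against the encryption domains. A flow that matches neither has no
    route between the sites in this model.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)

    # 1. Policy-based routing: first matching rule wins.
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.next_hop

    # 2. Otherwise, anything between the two encryption domains goes over the VPN.
    site1_to_site2 = src in ENC_DOMAIN_SITE1 and dst in ENC_DOMAIN_SITE2
    site2_to_site1 = src in ENC_DOMAIN_SITE2 and dst in ENC_DOMAIN_SITE1
    if site1_to_site2 or site2_to_site1:
        return "vpn"

    return "no-path"


def check_symmetry(src_ip: str, dst_ip: str, rules: List[PbrRule] = PBR_RULES) -> bool:
    """True when forward and return traffic select the same path.

    An asymmetric pair (backbone out, VPN back) is the classic way such a
    migration silently breaks: the stateful firewall on the return path never
    saw the SYN.
    """
    return select_path(src_ip, dst_ip, rules) == select_path(dst_ip, src_ip, rules)


if __name__ == "__main__":
    for src, dst in [
        ("10.1.1.5", "10.2.1.9"),   # migrated pair: backbone
        ("10.1.0.1", "10.2.2.1"),   # untouched subnets: still VPN
        ("10.1.1.5", "10.2.2.1"),   # migrated source, unmigrated destination: VPN
        ("10.1.1.5", "192.168.9.9"),  # outside both domains: nothing matches
    ]:
        print(f"{src} -> {dst}: {select_path(src, dst)} (symmetric={check_symmetry(src, dst)})")
```

Running the block prints the path chosen for each constructed flow. The point it makes is that the PBR match must be evaluated before the encryption-domain match, and that the /24 can stay inside the /16 encryption domain: only the rule order changes, so the rest of the /16 keeps its VPN path while one subnet pair at a time is moved.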