< Previous Challenge - Home - Next Challenge >
Prevent that your branches act as transit between the Azure Vnets, even in the case of a failure in the tunnels between VNG1 and VNG2. You might use this Cisco configuration sample:
ip as-path access-list 1 permit ^$
route-map ? permit 20
match as-path 1
route-map ? deny 30
How can this configuration be useful for an onprem router connected to both ExpressRoute private and Microsoft peerings?