Configuring access-control list and route map

Use a route map so that only web traffic on TCP ports 80 and 443 is routed through the GRE tunnels.

Follow the steps below to create an access-control list (ACL) and route the web traffic.

Steps

  1. Use the following access-list commands to select the web traffic (HTTP/HTTPS) from specific subnets or traffic types that should be sent to the tunnel.
    access-list <access_list_number> permit tcp <internal_subnet> <subnet_mask> any eq www
    access-list <access_list_number> permit tcp <internal_subnet> <subnet_mask> any eq 443

    Replace <internal_subnet> and <subnet_mask> with the IP address range of the internal subnet whose traffic will be forwarded to the tunnel. Note that an IOS extended access-list takes a wildcard mask here (for example 0.0.0.255 for a /24), not a subnet mask. Replace <access_list_number> with the ACL number that the route maps in the following steps reference (104 in the examples).

  2. For the primary tunnel:
    1. Define a route-map to route traffic through the primary tunnel.
      route-map Primary_Tunnel permit 11
    2. Assign the access-list to the route map you created.
      match ip address 104
    3. Set the tunnel interface.
      set interface Tunnel0
  3. For the secondary tunnel:
    1. Define a route map for the secondary tunnel to match traffic against.
      route-map Secondary_Tunnel permit 12
    2. Assign the access-list to the route map you created.
      match ip address 104
    3. Set the tunnel interface.
      set interface Tunnel1
  4. Attach the primary tunnel's route-map to the incoming interface:
    interface <incoming_interface>
    ip address <incoming_ip_address> 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip policy route-map Primary_Tunnel
    duplex auto
    speed auto
    
    • Replace the <incoming_interface> with the name of the ingress interface on your edge device.
    • Replace the <incoming_ip_address> with the IP address of the local interface that receives traffic from the client network.
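A way to verify that the assembled configuration does what the steps above intend, as an added example that is not part of this guide or of any vendor tooling: the Python script below parses the access-list, route-map and interface stanzas, confirms that the route map applied to the ingress interface exists, references an existing ACL and sets a Tunnel interface, and flags any ACL entry that would policy-route something other than TCP 80/443 into the tunnel. The subnet 10.1.1.0/24, the interface name GigabitEthernet0/0 and the host address 10.1.1.1 in the sample are constructed values; the ACL number 104 and the route-map names are the ones used in the steps.

```python
"""Sanity-check a Cisco IOS policy-based-routing (PBR) snippet.

Added example (not part of the original configuration guide): parses the
access-list, route-map and interface stanzas from the steps above and checks
that the ACL used for PBR only matches TCP 80/443, so that nothing other
than web traffic is steered into the GRE tunnels.
"""
import re

# Constructed sample: the steps above assembled with example values.
# 10.1.1.0/24, 10.1.1.1 and GigabitEthernet0/0 are assumptions, not from the guide.
SAMPLE_CONFIG = """\
access-list 104 permit tcp 10.1.1.0 0.0.0.255 any eq www
access-list 104 permit tcp 10.1.1.0 0.0.0.255 any eq 443
!
route-map Primary_Tunnel permit 11
 match ip address 104
 set interface Tunnel0
!
route-map Secondary_Tunnel permit 12
 match ip address 104
 set interface Tunnel1
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map Primary_Tunnel
 duplex auto
 speed auto
"""

WEB_PORTS = {"www", "80", "443"}  # IOS accepts 'www' as an alias for port 80


def parse_config(text):
    """Return (acls, route_maps, interfaces) parsed from an IOS config snippet."""
    acls = {}        # ACL number -> list of (action, protocol, destination port)
    route_maps = {}  # name -> {"match_acl": ..., "set_interface": ...}
    interfaces = {}  # name -> {"policy": route-map name or None}
    current = None   # (kind, key) of the indented stanza being parsed
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"access-list (\S+) (permit|deny) (\S+)(.*)", line)
        if m:
            number, action, proto, rest = m.groups()
            ports = re.findall(r"\beq (\S+)", rest)
            acls.setdefault(number, []).append((action, proto, ports[0] if ports else None))
            continue
        m = re.match(r"route-map (\S+) (permit|deny) (\d+)", line)
        if m:
            route_maps.setdefault(m.group(1), {"match_acl": None, "set_interface": None})
            current = ("route-map", m.group(1))
            continue
        m = re.match(r"interface (\S+)", line)
        if m:
            interfaces[m.group(1)] = {"policy": None}
            current = ("interface", m.group(1))
            continue
        if line.startswith(" ") and current:
            kind, key = current
            stmt = line.strip()
            if kind == "route-map":
                m = re.match(r"match ip address (\S+)", stmt)
                if m:
                    route_maps[key]["match_acl"] = m.group(1)
                m = re.match(r"set interface (\S+)", stmt)
                if m:
                    route_maps[key]["set_interface"] = m.group(1)
            elif kind == "interface":
                m = re.match(r"ip policy route-map (\S+)", stmt)
                if m:
                    interfaces[key]["policy"] = m.group(1)
    return acls, route_maps, interfaces


def check_pbr(text):
    """Return a list of findings; an empty list means the snippet matches the guide's intent."""
    acls, route_maps, interfaces = parse_config(text)
    findings = []
    for ifname, data in interfaces.items():
        rm = data["policy"]
        if rm is None:
            continue  # not a PBR ingress interface
        if rm not in route_maps:
            findings.append(f"{ifname}: route-map {rm} is applied but never defined")
            continue
        acl = route_maps[rm]["match_acl"]
        tun = route_maps[rm]["set_interface"] or ""
        if acl not in acls:
            findings.append(f"{rm}: matches access-list {acl}, which does not exist")
            continue
        if not tun.startswith("Tunnel"):
            findings.append(f"{rm}: does not set a Tunnel interface (got {tun!r})")
        for action, proto, port in acls[acl]:
            if action == "permit" and (proto != "tcp" or port not in WEB_PORTS):
                findings.append(f"access-list {acl}: permits non-web traffic ({proto} eq {port}) into the tunnel")
    return findings


if __name__ == "__main__":
    for line in check_pbr(SAMPLE_CONFIG) or ["OK: only TCP 80/443 is policy-routed into the tunnel"]:
        print(line)
```

Paste the relevant part of your running configuration into SAMPLE_CONFIG (or read it from a file) and run the script; each finding names the stanza that deviates from the intended web-only policy routing.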