On Tue, Oct 03, 2017 at 10:11:44PM -0400, Satish Patel wrote:
> We are using policy-based VPN because our remote end is AWS where we don't have control.
I don't know about the possibilities for route-based VPNs on Cisco ASA in general, but route-based VPNs work awesome for me with AWS on Juniper SRX. Additionally, running BGP routing with Amazon over the VPN also makes monitoring easier due to Observium's ability to monitor BGP sessions.
No matter what brand of network device, I would not use a policy-based VPN for anything I want to monitor. You might be able to monitor it indirectly using IP SLA though.

ASAs suck, but apparently route-based VPN is a very new feature for them:
https://supportforums.cisco.com/t5/vpn/route-based-vpn-vti-for-asa-finally-h...

-Nick