I have an N-Series router, and I am trying to map between VLANs. Inside of the router, the network is on VLAN 2 while outside the network is on VLAN 5. I can map the outside VLAN to the inside VLAN easily enough with

    set policy profile 1 name map_outside_to_inside tci-overwrite enable
    set policy rule admin-profile port ge.2.5 port-string ge.2.5 admin-pid 1
    set policy rule 1 vlantag 5 vlan 2

With this policy in place, I can observe packets flowing from the outside to the inside.
Of course, traffic is not able to return, and that is where my trouble lies. I have tried everything I can think of to get traffic from the inside to the outside. Unfortunately, I cannot simply do the same policy on the inside since it still needs to be able to reach other hosts on the inside of the router, not just hosts on the outside. (If there is a way to apply policy to a copy of the traffic, that should be enough to make this work.)
Since as far as I can tell, policy only applies on ingress, I tried to devise clever routing loops so that policy could be applied. First, I tried forwarding the traffic to a loopback interface (e.g., loop.0.1); however, policy cannot be applied to loopback interfaces. Next, I tried port mirroring; however, this still counts as egress as far as policy is concerned.
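The following is an added toy model, not the poster's configuration or any vendor code, that reproduces the constraint described in the question: a tci-overwrite style rule rewrites a frame's VLAN tag only when the frame enters a port, never when it leaves. Everything beyond the page's own port ge.2.5 and VLANs 2 and 5 is a constructed assumption (the inside ports ge.2.1 and ge.2.2, and the rule that each port delivers only frames whose effective VLAN matches its own). The model shows why outside-to-inside works, why the return path does not, and why simply adding the mirror rule (vlantag 2 -> vlan 5) on an inside port breaks inside-to-inside traffic.

```python
"""Toy model of ingress-only VLAN tag rewriting on a switch/router.

Added example, not the poster's configuration. Port names other than ge.2.5,
and the VLAN each port belongs to, are constructed assumptions for the model.
"""

from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    vlan: int                       # VLAN of the host attached to this port
    # ingress policy: incoming VLAN tag -> rewritten tag (tci-overwrite)
    ingress_rules: dict = field(default_factory=dict)


@dataclass
class Switch:
    ports: dict

    def effective_vlan(self, in_port: str, tag: int) -> int:
        """Apply in_port's ingress policy to a frame carrying `tag`.

        Rules are consulted only here, on ingress; there is no egress step,
        which is the behaviour the question reports for policy."""
        return self.ports[in_port].ingress_rules.get(tag, tag)

    def can_deliver(self, in_port: str, tag: int, out_port: str) -> bool:
        """A frame reaches out_port only if its VLAN after ingress rewriting
        equals the VLAN of the host on out_port (assumed delivery rule)."""
        return self.effective_vlan(in_port, tag) == self.ports[out_port].vlan


def build_switch(inside_return_rule: bool) -> Switch:
    """ge.2.5 is the outside port (VLAN 5) with the page's rule 5 -> 2.
    ge.2.1 and ge.2.2 are assumed inside ports (VLAN 2). When
    inside_return_rule is True, the mirror rule 2 -> 5 is also placed on
    ge.2.1, the naive attempt the poster says cannot be used."""
    outside = Port("ge.2.5", vlan=5, ingress_rules={5: 2})
    inside_a = Port("ge.2.1", vlan=2,
                    ingress_rules={2: 5} if inside_return_rule else {})
    inside_b = Port("ge.2.2", vlan=2)
    return Switch({p.name: p for p in (outside, inside_a, inside_b)})


def scenario() -> dict:
    """Evaluate the flows discussed in the question under both setups."""
    results = {}
    sw = build_switch(inside_return_rule=False)
    # Outside frame tagged 5 is rewritten to 2 on ingress and reaches inside.
    results["outside_to_inside"] = sw.can_deliver("ge.2.5", 5, "ge.2.1")
    # Reply from inside stays tagged 2; nothing rewrites it on the way out.
    results["inside_to_outside"] = sw.can_deliver("ge.2.1", 2, "ge.2.5")
    # Inside hosts still reach each other.
    results["inside_to_inside"] = sw.can_deliver("ge.2.1", 2, "ge.2.2")

    sw2 = build_switch(inside_return_rule=True)
    # The mirror rule on ge.2.1 fixes the return path ...
    results["inside_to_outside_with_rule"] = sw2.can_deliver("ge.2.1", 2, "ge.2.5")
    # ... but every frame from ge.2.1 is now VLAN 5, so inside-to-inside breaks.
    results["inside_to_inside_with_rule"] = sw2.can_deliver("ge.2.1", 2, "ge.2.2")
    return results


if __name__ == "__main__":
    for flow, ok in scenario().items():
        print(f"{flow:32s} {'delivered' if ok else 'dropped'}")
```

The two `with_rule` results are the crux: under an ingress-only policy model, a per-port rewrite cannot distinguish frames destined for the outside from frames destined for another inside host, because the destination is not part of the match. Any working answer has to either match on something other than the incoming VLAN tag or rewrite the tag at a point where the outbound path is already separated from the inside-to-inside path.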