routing outbound traffic to 2 interfaces on asa

Apr 6th, 2008
Given:

rtr1 connected to outside
rtr2 connected to dmz1
lan connected to inside

We wanted to achieve the following:

- mail traffic to go to the OUTSIDE
- http traffic to go to the DMZ1

How can we achieve the above on the ASA?



husycisco Mon, 04/07/2008 - 10:33

Hi Celso,

Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you don't have specific destinations. But if you have the IP addresses of your destinations (which you can't for smtp or www traffic), the following is the workaround.

The following config will redirect mail traffic to outside and the rest of the traffic, including web, to dmz1.


! Policy NAT: only TCP/25 from the inside subnet is matched here (port matches need tcp, not ip)
access-list smtp_nat_outbound permit tcp insideipsubnet insidenetmask any eq smtp
nat (inside) 1 access-list smtp_nat_outbound
global (outside) 1 interface
! Everything else from inside is translated on dmz1
nat (inside) 2 0 0
global (dmz1) 2 interface

! Host routes for the known mail servers via rtr1; default route via rtr2
route outside mailserver1ip 255.255.255.255 rtr1ip
route outside mailserver2ip 255.255.255.255 rtr1ip
route outside mailserver3ip 255.255.255.255 rtr1ip
route dmz1 0.0.0.0 0.0.0.0 rtr2ip


Regards
