Different default next-hops

Jul 15th, 2008

Hi,

I would like to forward all packets coming from a specific IP range on my LAN to a different next-hop.


I have a default route on ASA 0.0.0.0 0.0.0.0 200.200.200.200, but a specific internal network can't follow this way.


That must follow another way.


Is that possible on my ASA 5540?


Thanks

JORGE RODRIGUEZ Tue, 07/15/2008 - 07:18

If I'm not mistaken, from your description you have two default routes in your network and have certain internal IP subnets to be directed to another default route other than the ASA default. ASA only supports one default route, so what you are trying to do is PBR, which currently is not supported in PIX/ASA as of now.


What you may want to do is do the pbr from an inside router behind the ASA for accomplishing a next hop default route.


HTH

Jorge

Tauer Drumond Tue, 07/15/2008 - 07:39

Hi Jorge,

What I'm wanting to do is exactly what you said.

Unfortunately I can't put another router behind ASA.

Anyway, thank you for your help.

It was so helpful.


Tauer


JORGE RODRIGUEZ Tue, 07/15/2008 - 08:13

Tauer, you are very welcome, it is said in past threads readings that there may be PBR support in future ASA roadmap but I have no link to substantiate this claim.


Another option would also be a L3 switch if budget is an object, even a L3 3550 switch with an EMI image can do pbr, here is a link in the event you may consider placing a L3 device behind ASA.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swiprout.html#wp1260543


HTH

Jorge
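
The PBR-on-an-inside-L3-device approach suggested in this thread, sketched as an added example (not posted by any participant): IOS policy routing on a router or L3 switch behind the ASA. The subnet 192.168.50.0/24, the next-hop 10.0.0.2, the interface Vlan50 and the ACL and route-map names are constructed placeholders.

```cisco
! Constructed example: all addresses, names and interfaces are placeholders.
!
! 1. Identify the internal range that must not follow the default route.
ip access-list extended PBR-SRC
 permit ip 192.168.50.0 0.0.0.255 any
!
! 2. Send matching packets to the alternate next-hop.
route-map ALT-NEXT-HOP permit 10
 match ip address PBR-SRC
 set ip next-hop 10.0.0.2
!
! 3. Apply the policy on the interface where that range ENTERS the L3 device.
interface Vlan50
 ip policy route-map ALT-NEXT-HOP
!
! 4. Verify that the policy is attached and that packets are matching.
! show ip policy
! show route-map ALT-NEXT-HOP
```

Packets that match no route-map entry are routed normally, so the rest of the LAN keeps using the default route toward the ASA. In this assumed topology, traffic sent to the alternate next-hop no longer crosses the ASA, so that path needs its own filtering and logging.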

Tauer Drumond Tue, 07/15/2008 - 08:53

Hi Jorge,

If I NAT the inside IP address at the specific external interface? Will the packets follow the default route or follow through this interface?


Thanks

Tauer

JORGE RODRIGUEZ Tue, 07/15/2008 - 12:27

It will follow the ASA default route. For example, HTTP traffic: to tell the ASA to send outbound HTTP traffic from a specific inside network NATed to another ASA external interface for HTTP, it is still a PBR function; HTTP traffic will go to the ASA outside interface or whichever the default route points to.



Rgds

Jorge

Tauer Drumond Tue, 07/15/2008 - 12:30

OK Jorge,

So... I'll try to find another solution.

I just wanna thank you for your answers. They were so helpful.


Regards


Tauer
