Diferents default next-hops

Unanswered Question
Jul 15th, 2008

Hi,

I would like to forward all packets coming from a specific ip range on my LAN to a diferent next-hop.

I have a default route on ASA 0.0.0.0 0.0.0.0 200.200.200.200, but a specific internal network can't follow this way.

That must follow another way.

Is that possible on my ASA 5540?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
JORGE RODRIGUEZ Tue, 07/15/2008 - 07:18

If Im not mistaken from your description you have two defaults routes in your network and have certain internat IP subnets to be directed to another default route other than the ASA default. ASA only supports one default route, so what you are trying to do is PBR which currently is not supported in PIX/ASA as of now.

What you may want to do is do the pbr from an inside router behind the ASA for accomplishing a next hop default route.

HTH

Jorge

Tauer Drumond Tue, 07/15/2008 - 07:39

Hi Jorge,

what im wanting to do is exactely what you said.

unfortunately I cant put another router behind ASA.

Anyway, thank you by your help.

It was so helpfull.

Tauer

JORGE RODRIGUEZ Tue, 07/15/2008 - 08:13

Tauer, you are very welcome, it is said in past threads readings that there may be PBR suport in future ASA roadmap but I have no link to substantiate this claim.

Another option would also be a L3 switch if budget is an object, even a L3 3550 switch with an EMI image can do pbr, here is a link in the event you may consider placing a L3 device behind ASA.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swiprout.html#wp1260543

HTH

Jorge

Tauer Drumond Tue, 07/15/2008 - 08:53

Hi Jorge,

If I NAT the inside IP address at the specific external interface? Will the packets follow the default route or follow trought this interface?

Thanks

Tauer

JORGE RODRIGUEZ Tue, 07/15/2008 - 12:27

It will follow the ASA default route..for example http traffic, to tell the asa to send outboud http traffic from specific inside network nated to another asa external interface for http it is still a PBR function, http traffic will go asa outside interface or whicever the default route points to.

Rgds

Jorge

Tauer Drumond Tue, 07/15/2008 - 12:30

ok Jorge,

So... I'll try find another solution.

I just wanna thank you by your answers..they were so helpfull.

Regards

Tauer

Actions

This Discussion