Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
8
Helpful
6
Replies

Diferents default next-hops

Tauer Drumond
Level 1
Level 1

‎07-15-2008 06:54 AM - edited ‎03-11-2019 06:14 AM

Hi,

I would like to forward all packets coming from a specific ip range on my LAN to a diferent next-hop.

I have a default route on ASA 0.0.0.0 0.0.0.0 200.200.200.200, but a specific internal network can't follow this way.

That must follow another way.

Is that possible on my ASA 5540?

Thanks

Labels:
0 Helpful
6 Replies 6

JORGE RODRIGUEZ
Level 10
Level 10

‎07-15-2008 07:18 AM

If Im not mistaken from your description you have two defaults routes in your network and have certain internat IP subnets to be directed to another default route other than the ASA default. ASA only supports one default route, so what you are trying to do is PBR which currently is not supported in PIX/ASA as of now.

What you may want to do is do the pbr from an inside router behind the ASA for accomplishing a next hop default route.

HTH

Jorge

Jorge Rodriguez

Tauer Drumond
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-15-2008 07:39 AM

Hi Jorge,

what im wanting to do is exactely what you said.

unfortunately I cant put another router behind ASA.

Anyway, thank you by your help.

It was so helpfull.

Tauer

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to Tauer Drumond

‎07-15-2008 08:13 AM

Tauer, you are very welcome, it is said in past threads readings that there may be PBR suport in future ASA roadmap but I have no link to substantiate this claim.

Another option would also be a L3 switch if budget is an object, even a L3 3550 switch with an EMI image can do pbr, here is a link in the event you may consider placing a L3 device behind ASA.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swiprout.html#wp1260543

HTH

Jorge

Jorge Rodriguez

Tauer Drumond
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-15-2008 08:53 AM

Hi Jorge,

If I NAT the inside IP address at the specific external interface? Will the packets follow the default route or follow trought this interface?

Thanks

Tauer

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to Tauer Drumond

‎07-15-2008 12:27 PM

It will follow the ASA default route..for example http traffic, to tell the asa to send outboud http traffic from specific inside network nated to another asa external interface for http it is still a PBR function, http traffic will go asa outside interface or whicever the default route points to.

Rgds

Jorge

Jorge Rodriguez
0 Helpful

Tauer Drumond
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-15-2008 12:30 PM

ok Jorge,

So... I'll try find another solution.

I just wanna thank you by your answers..they were so helpfull.

Regards

Tauer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card