04-13-2009 10:43 AM - edited 03-11-2019 08:17 AM
Hi all,
I have a ASA 5510 with 2 interfaces outside that 2 internet links are connected it.
I need to do that a host in inside netwok goes out by a interface outise and others host goes out by other interface.
Someone know how can I to do this?
04-13-2009 11:33 AM
Hi ,
Please Update with more details wat exactly you want ..
1) You want policy based routing ( which not possible in asa)
2) You have inside network (10.10.10.0/24) & you have 2 differnet subnet which is connected to 2 different internet pipes , Your target if request is coming for the 1st network then its will move to 1st internet link & if request is coming for another subnet then it move to another internet link .which can be possible through Policy nat .
please update with details .
Regards
Ritesh Malviya
04-13-2009 11:58 AM
Malviya,
I beleave that PBR could solve this problem, but is not supported in ASA.
I have two internet links main and secondary (2 outside interfaces) and 1 inside interface.
I need to permit that a only host goes out by a of secondary internet link, while all others host goes out by the main link.
The subnet is the same.
04-13-2009 04:48 PM
Hi,
This is possible only if all your inside network goes by doing PolicyNAT.
Lets consider the following.
interface outsideA: ip= A.A.A.A
interface outsideB: ip= B.B.B.B
interface insideH. ip=H.H.H.1
Your two hosts:
H.H.H.A and H.H.H.B
Note: This configuration only works if your inside host uses your outside interface IP for internet access.
Commands:
access-list internetA extended permit ip host H.H.H.A any
access-list internetB extended permit ip host H.H.H.B any
global (outsideA) 2 interface
gloabl (outsideB) 3 interface
nat (inside) 2 access-list internetA
nat (inside) 3 access-list internetB
04-13-2009 05:40 PM
Hi maskey,
I did what you suggest, but because I have two link I wasn't able to configure a default route for each link.
route internetA 0.0.0.0 0.0.0.0 x.x.x.x
route internetB 0.0.0.0 0.0.0.0 y.y.y.y
Someone know how can I configure two defaults routes in ASA?
Thanks
04-13-2009 08:45 PM
Hi,
The default routing pointing to internet should be like this:
Assuming your two outside interfaces are named:
outsideA
outsideB
the default route to internet should be:
route outsideA 0.0.0.0 0.0.0.0 x.x.x.x
route outsideB 0.0.0.0 0.0.0.0 y.y.y.y
Test the connection using packet tracer
source IP: H.H.H.A
src port: 2000
protocol: tcp
dest public IP: P.P.P.P
dst port: 80
Review the packet tracer output closely
repeat with inside ip: H.H.H.B
06-11-2009 04:20 AM
Roshan, did you get this working, trying to setup the same configuration (Two ISP's)
If so how did the routeing work ?
Thanks in Advance !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide