04-15-2009 05:03 AM - edited 03-09-2019 10:13 PM
Please take a look at this topic. The ASA firewall is giving me a headache.
WAN, Routing and Switching: Policy-based routing.
04-15-2009 06:31 AM
If I'm not mistaken, PBR is not supported on ASA.
R/g
04-15-2009 07:10 AM
Correct, PBR is not supported on the ASA. The route-map support is limited to route redistribution on the ASA.
04-15-2009 09:36 AM
Do you have an idea how to solve my problem?
04-17-2009 01:12 AM
Hi,
Some typical Policy Based Routing problems can be solved using Policy Based NAT. All the features for PBR you get in a router are not available in the ASA.
Still, could you post your exact requirement?
04-17-2009 01:35 AM
It is explained in my first post.
The central router routes the traffic to ASA and there it just stops.
Don't know if the ASA is dropping the packets or similar. I don't have any experience with it.
04-17-2009 01:57 AM
The ASA may be dropping packets that it does not know how to pass on to the next layer 3 routing device. Check the config and the layer 3 connectivity at the remote end.
HTH
04-17-2009 02:01 AM
But the Central router sends the request (sourced from the remote site) with a source and destination address.
I really don't know why the ASA does not forward it on the outside interface.
04-17-2009 02:07 AM
If the traffic from the remote site enters the outside interface of the ASA over a VPN, the ASA will not specifically pass it out the outside interface and NAT it without specific config. Is this what you are trying to do?
Post your configs for review.
04-17-2009 02:12 AM
The traffic comes on an inside interface (security 50, OSPF routing). The ASA is connected with 2 interfaces with the central router. One for OSPF routing between sites (private IP) and one for internet (Public IP, ASA is doing NAT).
And there is an inside interface with SEC 0 and that is not important.
You can find a topology and config file in my posts.
04-17-2009 02:19 AM
None of your posts have any attachments.
Is the ASA taking part in the OSPF routing?
Are you performing any NAT between the inside and the central router interface?
04-17-2009 02:26 AM
There are attachments. Like I said in my first post, I made a topic in:
WAN, Routing and Switching: Policy-based routing.
It is all explained there.
04-17-2009 02:37 AM
I have no time to search for posts, sorry. Perhaps another netpro will be able to help.
04-17-2009 02:39 AM
04-17-2009 02:52 AM
I have read the post and seen the updated diagram. I have a few questions:
1) Why is the VPN terminated on the central router?
2) Why is the central router in front of the ASA for the internet, and behind the ASA for internal?
3) If you have a tunnel, then you should not really need PBR, as you can encapsulate OSPF into the tunnel.
4) The ASA could redistribute the default route in OSPF on the internal private IPs.
HTH