Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
0
Helpful
5
Replies

Pix to asa 5510

Go to solution
mrehman02
Level 1
Level 1

‎05-22-2016 09:34 PM - edited ‎03-12-2019 12:46 AM

Dears, I am trying to upgrade my pix 515 to ASA 5510 . I have mostly copied the configuration but is stuck on one part where we have  set the IP next hop in the pix. For some reason I cant find the SET IP NEXT HOP command in the asa. What could be the reason? Please advice

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to mrehman02

‎05-22-2016 10:34 PM

So it seems like you are trying to running PBR (Policy Based Routing). This feature was not available in the ASA code until 9.4:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

Unfortunately, ASA 5510 is End-of-Life/End-of-Sale and as a result, the latest version that it can run is 9.1. Thus, you should look into replacing that ASA with a next-generation model ASA (X series). This will allow you to run the desired code for PBR and will also give you the option(s) to run some next-generation features (NGIPS, Malware inspection, etc). 

I hope this helps!

Thank you for rating helpful posts!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎05-22-2016 09:57 PM

Hi there, can you post the exact syntax from the PIX?

Thank you for rating helpful posts!

0 Helpful

Go to solution
mrehman02
Level 1
Level 1
In response to nspasov

‎05-22-2016 10:00 PM

Hi, Please find it below.

route-map NETWORK-1 permit 10
set metric 2
set ip next-hop 10.40.60.5
match ip address 150
route-map NETWORK-1 permit 20
set metric 5
set ip next-hop 10.40.60.8
match ip address 160

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to mrehman02

‎05-22-2016 10:34 PM

So it seems like you are trying to running PBR (Policy Based Routing). This feature was not available in the ASA code until 9.4:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html

Unfortunately, ASA 5510 is End-of-Life/End-of-Sale and as a result, the latest version that it can run is 9.1. Thus, you should look into replacing that ASA with a next-generation model ASA (X series). This will allow you to run the desired code for PBR and will also give you the option(s) to run some next-generation features (NGIPS, Malware inspection, etc). 

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

Go to solution
mrehman02
Level 1
Level 1
In response to nspasov

‎05-22-2016 10:41 PM

Thank you. That explains!!

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to mrehman02

‎05-22-2016 10:48 PM

No problem. Sorry to bring the bad news :(

Thank you for rating helpful posts!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card