01-03-2012 01:13 AM - edited 03-11-2019 03:09 PM
Hi all,
I need to be able to redirect some HTTP traffic to an Ironport WSA (for now) on a DMZ interface. The initial config I'm trying to test is along the lines of the following (don't have access to the ASA at the moment to cut-and-paste, sorry):
access-list 101 deny tcp any any neq www
access-list 101 deny tcp host 10.0.2.2 any
access-list 101 permit tcp any any
route-map proxy-redirect permit 101
 match ip address 101
 set ip next-hop 10.0.2.2
Unfortunately, the ASA does not take the "set ip next-hop" command: I get an invalid input error message, and if I type "?" at the route-map config prompt, only the "metric" and "metric-type" commands are listed as available.
This happens both on 8.2 (ASA5510) and 8.4(2) (ASA5505). Since others are able to make this work, I assume there's something else on the ASA that I have to set to enable this command?
I know folks will suggest WCCP but that's not going to be applicable in my case I'm afraid, and although I can make a NAT rule work under 8.4, that sadly doesn't work under 8.2.
Any feedback would be greatly appreciated!
Thanks in advance!
01-03-2012 02:31 AM
Hi,
> Since others are able to make this work
How? Because PBR is not supported on the ASA and route-maps are used for redistribution purposes only.
Don't forget to rate if helpful.
Regards.
Alain
01-03-2012 06:39 AM
Thanks Alain,
> Since others are able to make this work How?
There are a few posts/articles out there that hint that it's possible, like the one below. I was hoping it would be tied to a licenced feature, routing config etc., but I guess you're right...
https://supportforums.cisco.com/thread/2058702
Thanks again!
08-06-2013 01:48 PM
Dear bro,
What are the other ways to do this rather than next-hop config?
Can you please write that down?
RG