Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7617
Views
0
Helpful
3
Replies

ASA: why doesn't "route-map" "set ip next-hop" work for me?

ohansen
Level 1
Level 1

‎01-03-2012 01:13 AM - edited ‎03-11-2019 03:09 PM

HI all,

I need to be able to redirect some HTTP traffic to an Ironport WSA (for now) on a DMZ interface, the initial config I'm trying to test is along the lines of the following (don't have access to the ASA at the moment to cut-and-paste, sorry):

access-list 101 deny any any neq www

access-list 101 deny tcp host 10.0.2.2 any

access-list 101 permit tcp any any

route-map proxy-redirect permit 101

     match ip address 101

     set ip next-hop 10.0.2.2

Unfortunately the ASA does not take the "set ip next-hop" command, I get an invalid input error message and if I at the route map config prompt type "?" only the "metric" and "metric-type" commands are listed as available.

This happens both on 8.2 (ASA5510) and 8.4(2) (ASA5505). Since others are able to make this work, I assume there's something else on the ASA that I have to set to enable this command?

I know folks will suggest WCCP but that's not going to be applicable in my case I'm afraid, and although I can make a NAT rule work under 8.4, that sadly doesn't work under 8.2.

Any feedback would be greatly appreciated!

Thanks in advance!

1 person had this problem
Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎01-03-2012 02:31 AM

Hi,

Since others are able to make this work     How ?  because PBR is not supported on the ASA and route-maps are used for redistribution purposes only.

Don't forget to rate if helpful.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

ohansen
Level 1
Level 1
In response to cadet alain

‎01-03-2012 06:39 AM

Thanks Alain,

> Since others are able to make this work     How ?

there are a few posts/articles out there that hints that it's possible, like the one below, I was hoping it would be tied to a licenced feature, routing config etc., but I guess you're right...

https://supportforums.cisco.com/thread/2058702

Thanks again!

0 Helpful

Waisudin Farzam
Level 1
Level 1
In response to cadet alain

‎08-06-2013 01:48 PM

dear bro,

what are the others ways to do rather then next-hop config

can you please write down that.

RG

Waisudin Farzam
SNE

P E: wfarzam@gmail.com
S E: wais.farzam@gmail.com
S: wais.farzam

Certified Cisco ID: CSCO11404095
CCNA, CCNP, CCNA Sec, and CCIE R&S v4.0 Written Certified
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card