Cisco Support Community

New Member

Cisco ASA 5505 source routing


Can I do this with ASA 5505 (inside

inside I have computer (gw, which should forward all its traffic over VPN tunnel to different office to the gateway (

We had before netscreen/Juniper 5GT which was working that way.


New Member

Re: Cisco ASA 5505 source routing

What is the subnet the host is trying to reach over VPN? Is the host directly connected to an ASA subnet? Or is there a route on the ASA to that subnet?

The normal way of achieving the routing you want would be to add a route for the VPN subnet pointing to, but this would apply for all sources. ASA does not support policy based routing. If you have a router or L3 switch before the ASA, you could configure PBR there.

New Member

Re: Cisco ASA 5505 source routing

That host should forward all its traffic to the host (netscreen FW).

networks and are connected over VPN tunnel (working correctly).

My idea is to allow that host to go outside using different gateway.

I found something which should help me

but I did not manage to get it to work.

Or if I add that host to different VLAN does it help me then? We have SEC PLUS licence.

New Member

Re: Cisco ASA 5505 source routing

This is how I see your network (please correct me if I'm wrong). (local LAN) ----- ASA ------ Internet


                                 ------ Netscreen ----- Internet ------ Remote-VPN-Peer -----

With this I am guessing that is a DMZ network on the ASA.

Assuming is connected to an ASA interface called "dmz": then you would need to add the following route in the ASA:

route dmz

You can then add an access-list on your inside interface to permit only traffic from to

This is all based on guessing, I need more information to be able to give you a good answer.

Edited to correct mistake in post (saw wrong IP in subnet)