Firewalls don't have the capability to do PBR. There are other ways to get similar results depending on your setup.
If you're not doing any VPNs, dynamic routing, or multicast you could do multiple contexts. This makes the ASA into 2 or more separate firewalls. You could then do PBR with a router or L3 switch prior to the firewall that sends traffic for Internet to one context and the rest to the other.
If you're doing NAT you could use ACLs to control which traffic to NAT to the corresponding outside interface. However, your routes (static, OSPF, RIP) must then send the traffic to the correct interface. You also need to make sure that traffic returns to the interface it was sent from or the connection won't get built. See Policy NAT.
Actually, other firewalls (like Fortinet) do have the ability to do PBR; it's a pity that Cisco's ASA doesn't.
Do you know if it supports ICMP redirects now as well, i.e. if you point to the ASA as your default gateway and the ASA knows that the next hop should be a different router on your LAN, it sends an ICMP redirect to you to inform you of the correct next hop? In the PIX 6.x and 7.0 I could never get that going, so I'm wondering whether they have got it going for ASA 7.2?
In 6.x code it would not be possible because you can't send traffic back out the same int it came in on.
7.X code has a new command to allow traffic to go out the int it came in on.
same-security-traffic permit intra-interface
I think (never tried it) ICMP redirects will work if you use this command and the firewall is the default gateway for the client. Which kind of limits the use, since other than small businesses most people have more than 1 subnet, so the firewall can't be the default. Catch 22!