
routing outbound traffic to 2 interfaces on asa

cfajardo1_2
Level 1

Given:

rtr1 connected to outside

rtr2 connected to dmz1

lan connected to inside

We wanted to achieve the following:

-mail traffic to go to the OUTSIDE

-http traffic to go to the DMZ1

How can we achieve the above on ASA?

3 Replies

husycisco
Level 7

Hi Celso,

Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you don't have specific destinations. But if you have the IP addresses of your destinations (which you can't for smtp or www traffic), the following is the workaround.

The following config will redirect mail traffic to outside and the rest of the traffic, including web, to dmz1.

access-list smtp_nat_outbound permit tcp insideipsubnet insidenetmask any eq smtp

nat (inside) 1 access-list smtp_nat_outbound

global (outside) 1 interface

nat (inside) 2 0 0

global (dmz1) 2 interface

route outside mailserver1ip 255.255.255.255 rtr1ip

route outside mailserver2ip 255.255.255.255 rtr1ip

route outside mailserver3ip 255.255.255.255 rtr1ip

route dmz1 0.0.0.0 0.0.0.0 rtr2ip

Regards
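As an added illustration (not part of the original reply and not Cisco code), this Python model reproduces the two independent decisions in the config above: the egress interface is picked by destination route only, while the NAT id is picked by port. The sample IP addresses are constructed, the function names are hypothetical, and every flow is assumed to originate from the inside subnet.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); the thread uses
# placeholders such as mailserver1ip and rtr1ip instead of real values.
ROUTES = [  # (egress interface, destination prefix), from the "route" lines
    ("outside", ipaddress.ip_network("203.0.113.25/32")),   # mailserver1ip
    ("outside", ipaddress.ip_network("203.0.113.26/32")),   # mailserver2ip
    ("outside", ipaddress.ip_network("203.0.113.27/32")),   # mailserver3ip
    ("dmz1", ipaddress.ip_network("0.0.0.0/0")),            # default via rtr2ip
]
GLOBALS = {1: "outside", 2: "dmz1"}   # "global (<if>) <id> interface"
SMTP = 25


def egress_interface(dst):
    """Longest-prefix match on destination only; the port plays no part."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifc) for ifc, net in ROUTES if addr in net]
    return max(matches)[1]


def nat_id(dst_port):
    """NAT id 1 is the smtp_nat_outbound policy rule, NAT id 2 the catch-all."""
    return 1 if dst_port == SMTP else 2


def evaluate(dst, dst_port):
    """Return (egress interface, NAT id, True if a global exists for the pair)."""
    ifc = egress_interface(dst)
    nid = nat_id(dst_port)
    return ifc, nid, GLOBALS[nid] == ifc


if __name__ == "__main__":
    flows = [
        ("203.0.113.25", 25),   # SMTP to a listed mail server
        ("198.51.100.80", 80),  # HTTP to an arbitrary web server
        ("198.51.100.25", 25),  # SMTP to a mail server with no host route
        ("203.0.113.25", 80),   # HTTP to an address that has a host route
    ]
    for dst, port in flows:
        ifc, nid, ok = evaluate(dst, port)
        status = "covered" if ok else "no global for this NAT id on egress"
        print(f"{dst}:{port} -> {ifc}, nat id {nid}: {status}")
```

The last two flows show why the workaround depends on knowing the mail server addresses in advance: the route and the NAT rule disagree whenever the destination is not one of the listed hosts.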

That makes sense. Thanks a lot.

You are welcome.
