04-06-2008 11:13 PM - edited 03-11-2019 05:28 AM
Given:
rtr1 connected to outside
rtr2 connected to dmz1
LAN connected to inside
We wanted to achieve the following:
- mail traffic to go to the OUTSIDE
- http traffic to go to the DMZ1
How can we achieve the above on an ASA?
04-07-2008 10:33 AM
Hi Celso,
Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you don't have specific destinations. But if you have the IP addresses of your destinations (which you can't for smtp or www traffic), the following is the workaround.
The following config will redirect mail traffic to outside and the rest of the traffic, including web, to dmz1.
access-list smtp_nat_outbound permit tcp insideipsubnet insidenetmask any eq smtp
nat (inside) 1 access-list smtp_nat_outbound
global (outside) 1 interface
nat (inside) 2 0 0
global (dmz1) 2 interface
route outside mailserver1ip 255.255.255.255 rtr1ip
route outside mailserver2ip 255.255.255.255 rtr1ip
route outside mailserver3ip 255.255.255.255 rtr1ip
route dmz1 0.0.0.0 0.0.0.0 rtr2ip
Regards
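To see why the workaround above only holds for destinations you can enumerate, here is a small model of the pre-8.3 ASA forwarding decision that the config relies on. It is an added illustration, not code from the thread or from Cisco: the route table picks the egress interface by longest prefix match, policy NAT (the access-list based nat 1) is evaluated before the regular nat 2, and the matched NAT id must have a global on the chosen egress interface or the flow is dropped (the classic "no translation group found" failure). The inside subnet, mail server addresses and router next hops are constructed placeholders standing in for the post's insideipsubnet, mailserverNip, rtr1ip and rtr2ip.

```python
import ipaddress

# Constructed sample values standing in for the thread's placeholders
# (insideipsubnet/insidenetmask, mailserver1-3ip, rtr1ip, rtr2ip).
INSIDE_NET = ipaddress.ip_network("10.1.0.0/24")
MAIL_SERVERS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
RTR1 = "198.51.100.1"   # next hop reachable via outside
RTR2 = "192.0.2.1"      # next hop reachable via dmz1

# nat (inside) 1 access-list smtp_nat_outbound, where the ACL is
# 'permit tcp <inside subnet> any eq smtp'.
POLICY_NAT = [{"id": 1, "src": INSIDE_NET, "proto": "tcp", "dport": 25}]
# nat (inside) 2 0 0 matches all remaining inside traffic.
REGULAR_NAT_ID = 2
# global (outside) 1 interface / global (dmz1) 2 interface
GLOBALS = {("outside", 1), ("dmz1", 2)}
# route outside <mailserver>/32 rtr1ip ... route dmz1 0.0.0.0 0.0.0.0 rtr2ip
ROUTES = [("outside", ipaddress.ip_network(ip + "/32"), RTR1) for ip in MAIL_SERVERS]
ROUTES.append(("dmz1", ipaddress.ip_network("0.0.0.0/0"), RTR2))


def egress_interface(dst):
    """Longest-prefix-match route lookup; returns (interface, next_hop)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for iface, prefix, nh in ROUTES:
        if dst in prefix and (best is None or prefix.prefixlen > best[1].prefixlen):
            best = (iface, prefix, nh)
    return (best[0], best[2]) if best else (None, None)


def nat_id_for(src, proto, dport):
    """Policy NAT (access-list based) wins over regular NAT when it matches."""
    src = ipaddress.ip_address(src)
    for rule in POLICY_NAT:
        if src in rule["src"] and proto == rule["proto"] and dport == rule["dport"]:
            return rule["id"]
    return REGULAR_NAT_ID if src in INSIDE_NET else None


def forward(src, dst, proto, dport):
    """Model (an assumption about pre-8.3 behaviour, simplified): routing picks
    the egress interface, then the matched nat id needs a global on that
    interface, otherwise the flow is dropped."""
    iface, nh = egress_interface(dst)
    nat_id = nat_id_for(src, proto, dport)
    ok = iface is not None and nat_id is not None and (iface, nat_id) in GLOBALS
    return {
        "egress": iface,
        "next_hop": nh,
        "nat_id": nat_id,
        "result": "forwarded" if ok else "dropped: no global for nat id on egress",
    }


if __name__ == "__main__":
    for dst, port in [("203.0.113.10", 25), ("203.0.113.50", 25),
                      ("203.0.113.50", 80), ("203.0.113.10", 80)]:
        print(dst, port, forward("10.1.0.5", dst, "tcp", port))
```

Running it shows the two edge cases the answer hints at: SMTP to a mail server that is not in the static route list is routed out dmz1 by the default route, matches nat 1, finds no global (dmz1) 1 and is dropped; likewise HTTP to one of the listed mail server addresses is routed out outside, matches nat 2, and is dropped for the same reason. Any destination you cannot enumerate in advance therefore cannot be steered this way.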
04-09-2008 06:15 AM
That makes sense. Thanks a lot.
04-09-2008 06:32 AM
You are welcome.