Cisco Support Community


routing outbound traffic to 2 interfaces on asa

Given:

rtr1 connected to outside

rtr2 connected to dmz1

lan connected to inside

We wanted to achieve the following:

- mail traffic to go to the OUTSIDE

- http traffic to go to the DMZ1

How can we achieve the above on ASA?

3 REPLIES

Re: routing outbound traffic to 2 interfaces on asa

Hi Celso,

Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you don't have specific destinations. But if you have the IP addresses of your destinations (which you can't for smtp or www traffic), the following is the workaround.

The following config will redirect mail traffic to outside and the rest of the traffic, including web, to dmz1.

access-list smtp_nat_outbound permit tcp insideipsubnet insidenetmask any eq smtp

nat (inside) 1 access-list smtp_nat_outbound

global (outside) 1 interface

nat (inside) 2 0 0

global (dmz1) 2 interface

route outside mailserver1ip 255.255.255.255 rtr1ip

route outside mailserver2ip 255.255.255.255 rtr1ip

route outside mailserver3ip 255.255.255.255 rtr1ip

route dmz1 0.0.0.0 0.0.0.0 rtr2ip

Regards
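
An added example (not part of the original reply, and not Cisco code): a simplified Python model of the configuration above, assuming the egress interface is chosen by destination route lookup alone and that a nat ID must pair with a global of the same ID on that interface. The addresses are constructed placeholders from documentation ranges, and the model goes slightly beyond the post by flagging flows whose NAT ID has no matching global on the routed interface.

```python
import ipaddress

# Constructed placeholder values (documentation ranges), not from the thread.
ROUTES = [                                  # mirrors the posted "route" lines
    ("198.51.100.10/32", "outside"),        # stands in for mailserver1ip
    ("198.51.100.11/32", "outside"),        # stands in for mailserver2ip
    ("0.0.0.0/0", "dmz1"),                  # default route via rtr2
]
GLOBALS = {("outside", 1), ("dmz1", 2)}     # global (outside) 1, global (dmz1) 2
SMTP = 25

def egress_interface(dst_ip):
    """Longest-prefix match on the destination address; the port plays no part."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]
    matching = [(net, ifc) for net, ifc in candidates if dst in net]
    return max(matching, key=lambda m: m[0].prefixlen)[1]

def nat_id(dst_port):
    """nat (inside) 1 matches the SMTP ACL; nat (inside) 2 0 0 takes the rest.
    Assumes a TCP flow sourced from the inside subnet."""
    return 1 if dst_port == SMTP else 2

def evaluate(dst_ip, dst_port):
    """Return (egress interface, NAT ID, whether a matching global exists there)."""
    ifc = egress_interface(dst_ip)
    nid = nat_id(dst_port)
    return ifc, nid, (ifc, nid) in GLOBALS

# Constructed sample flows: (description, destination IP, destination port)
FLOWS = [
    ("SMTP to listed mail server", "198.51.100.10", 25),
    ("HTTP to arbitrary web site", "203.0.113.5", 80),
    ("SMTP to unlisted mail server", "203.0.113.25", 25),
    ("HTTP to a listed mail server IP", "198.51.100.10", 80),
]

if __name__ == "__main__":
    for desc, ip, port in FLOWS:
        ifc, nid, ok = evaluate(ip, port)
        status = "global found" if ok else "NO matching global on egress interface"
        print(f"{desc:34} -> {ifc:8} nat id {nid}: {status}")
```

The last two flows show why the workaround depends on knowing every mail server address in advance: the route lookup never sees the port, so SMTP to an unlisted server is routed to dmz1 while its NAT ID only has a global on outside.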


Re: routing outbound traffic to 2 interfaces on asa

That makes sense. Thanks a lot.

Re: routing outbound traffic to 2 interfaces on asa

You are welcome.
