Re: Policy-based routing - Page 2

smailmilak · ‎04-06-2009

Hi,

I have a quesiton. I want to make the users on remote sites to authenticate on the ASA when they want to surf on the web.

To accomplish this they have to go through the Central router, then through the ASA to authenticate (ASA is doing NAT too) and then back to the Central router and then to the Internet.

Right now they are using a proxy that should be disconnected soon.

I tried with route-maps, the packet came to the ASA and then back to the Central router, but then I got a loop error (debug ip policy)

Here is a picture.

omar.elmohri · ‎04-15-2009

Hello,

I see that you have no need to make sub-interfaces as the router is connected on Fa0/0 and Fa0/1.

I think that your configuration is OK. You tried it right now ?

Try to debug the routing on the ASA and also NAT translations.

Regards,

Omar

smailmilak83 · ‎04-15-2009

Will do it now. I will brief you about the debug info on the ASA.

smailmilak83 · ‎04-15-2009

Well I tried to debug NAT on ASA but there is no such command or similar. Can you give an advice?

smailmilak83 · ‎04-15-2009

Here is the sh nat 2vpn outside info.

I really don't know what to do. I don't have any experience with ASA.

omar.elmohri · ‎04-15-2009

Are use using ASDM ?

you can use it with HTTPS it will permit you doing better debugging and configuration.

smailmilak83 · ‎04-15-2009

I will try that.

thank you.