Cisco Support Community
Community Member

Route Map Problem


We have two ISP links terminated on the WAN ports of two routers (1841 series). The Ethernet interfaces of both routers and the outside interface of the ASA are in a single subnet (a.b.c.0/24). Since the two ISPs have given us totally separate pools of IP addresses, we need to route each IP packet to the corresponding ISP router. Policy-based IP routing (in this case source-based, for packets going to the outside world from the ASA) is not supported on the ASA, and we are required to use a route map.

The ASA has a default route to the ISP-1 router's Ethernet interface. But when a packet has a source IP address from the ISP-2 pool, it should be sent to the ISP-2 router.

I did the following configuration:

on ISP-1 router:-

access-list 101 permit ip host P.Q.R.S ( IP address from the ISP-2 pool)

route map ISP2

match access-group 101

set next-hop ISP-2_router_Eth_ADDRESS

conf t

int fast0/0 ( ISP1 router interface)

ip policy route-map ISP2

With this, packets with source IP P.Q.R.S will be sent to the ISP-2 router's Ethernet port, and the remaining packets will be routed by default to the WAN link, that is, the ISP-1 WAN link.

But somehow this doesn't seem to work. I checked the access-list hit count and there are no hits.

What is going wrong?

Please share your experience with route maps or with terminating two ISPs on a single ASA. Inputs are appreciated.

Thanks in advance


Hall of Fame Super Gold

Re: Route Map Problem


In your post you give access list 101 as:

access-list 101 permit ip host P.Q.R.S ( IP address from the ISP-2 pool)

but an extended access list should have a source address and a destination address. You have given only a single address. This may be the source of your problem.

Also it is not clear to me from your post whether the int fast0/0 is the interface which faces the firewall or whether it faces the ISP. The route map needs to be applied on the interface which faces the firewall.

[edit] Also I notice that you describe it as a pool for ISP 2 but your access list is specifying only a single address. Perhaps this is also part of the problem.



Community Member

Re: Route Map Problem


Ya,

access list 101 ends with any.

That means permit with source P.Q.R.S to any IP address on the internet.

Secondly, we are using only one IP address from the ISP-2 pool, that is P.Q.R.S, hence I have used only one IP address as source IP.

And also fast 0/0 is the router's ASA-facing interface.

ISP-2-LAN and ISP-1-LAN and the ASA-Outside interface are in the same subnet and can ping each other. I have added this policy routing on the ISP-1 router fast0/0.

Is there any way to test if this route map is being hit by packets?

I did:

debug ip packet 101

I was expecting fireworks on the console but I didn't see anything. I am missing something somewhere.

Just not able to debug!!
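
The configuration discussed in this thread, written in valid IOS policy-routing syntax together with the commands that show whether the route map is being hit. This is an added example, not part of any post above. P.Q.R.S and ISP-2_router_Eth_ADDRESS are the thread's own placeholders, and the sequence number 10 is an assumption.

```text
! --- On the ISP-1 router, global configuration mode ---
!
! Extended ACL: protocol, then source, then destination.
access-list 101 permit ip host P.Q.R.S any
!
! The keyword is "route-map" (hyphenated). For policy routing the ACL is
! referenced with "match ip address" and the gateway with "set ip next-hop".
route-map ISP2 permit 10
 match ip address 101
 set ip next-hop ISP-2_router_Eth_ADDRESS
!
! Policy routing acts on packets arriving on the interface,
! so it is applied on the ASA-facing interface.
interface FastEthernet0/0
 ip policy route-map ISP2
end
!
! --- Verification, privileged EXEC mode ---
!
! Confirms which route map is bound to which interface.
show ip policy
!
! Shows the match/set clauses and the "Policy routing matches" counters.
show route-map ISP2
!
! Shows per-entry hit counts for the ACL.
show access-lists 101
!
! Logs each policy-routing decision as packets arrive.
debug ip policy
```

Packets that do not match access list 101 fall through the route map and are forwarded by the normal routing table, which keeps the remaining traffic on the ISP-1 WAN link.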
