topic PBR on cisco ASA in Network Security https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325239#M1064225 <P>Dear all,</P> <P>I have a cisco asa vers. 8.4(2)8 with 2 outside interface. I need to redirect the traffic form only 1 host to use a different outside interface. I explane better</P> <P>Outside1 = internet traffic</P> <P>Outside2= single host traffic</P> <P>&nbsp;</P> <P>I tried to create a route-map but it seems does't possibile on my version.</P> <P><BR />Can anyone help me to do this ?</P> <P>&nbsp;</P> <P>Thank you,</P> <P><BR />Daniele.</P> Fri, 21 Feb 2020 15:17:31 GMT pugliededaniele88 2020-02-21T15:17:31Z PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325239#M1064225 <P>Dear all,</P> <P>I have a cisco asa vers. 8.4(2)8 with 2 outside interface. I need to redirect the traffic form only 1 host to use a different outside interface. I explane better</P> <P>Outside1 = internet traffic</P> <P>Outside2= single host traffic</P> <P>&nbsp;</P> <P>I tried to create a route-map but it seems does't possibile on my version.</P> <P><BR />Can anyone help me to do this ?</P> <P>&nbsp;</P> <P>Thank you,</P> <P><BR />Daniele.</P> Fri, 21 Feb 2020 15:17:31 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325239#M1064225 pugliededaniele88 2020-02-21T15:17:31Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325397#M1064226 <P>Hello,</P> <P>&nbsp;</P> <P>PBR is available 9.4.1 onwards:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518</A></P> <P>&nbsp;</P> <P>You would need to upgrade the ASA to 9.4.1 to get this support.</P> <P>&nbsp;</P> <P>HTH</P> <P>AJ</P> Mon, 05 Feb 2018 16:12:43 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325397#M1064226 Ajay Saini 2018-02-05T16:12:43Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325939#M1064227 <P>Hi,</P> <P>I see the software version availability and the last version available is 9.1.7. 9.4.1 is not available. Is this version not compatibile with asa 5510 ?</P> Tue, 06 Feb 2018 13:19:49 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3325939#M1064227 pugliededaniele88 2018-02-06T13:19:49Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3326011#M1064228 <P>Thats true, legacy ASA does not support the version 9.4.x and hence PBR.</P> <P>&nbsp;</P> <P>-</P> <P>HTH<BR />AJ</P> Tue, 06 Feb 2018 15:20:46 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3326011#M1064228 Ajay Saini 2018-02-06T15:20:46Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3326034#M1064229 <P>Hi,</P> <P>can you explain me what means legacy asa ? is there a lists of the compatible device ?</P> <P>&nbsp;</P> <P>Thank you,</P> <P>&nbsp;</P> <P>Daniele.</P> Tue, 06 Feb 2018 15:47:07 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3326034#M1064229 pugliededaniele88 2018-02-06T15:47:07Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327268#M1064230 <P>Hello,</P> <P>&nbsp;</P> <P>You can refer to following tables for the info. Legacy ASA means the old ASA 5500 devices. Newer ones came out as 5500-X series appliances followed by Firepower UTM appliances, likes of 2100, 4100, 7000 and 8000 series:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-112283" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-112283</A></P> <P>&nbsp;</P> <P>Refer to table 6.</P> <P>&nbsp;</P> <P>-</P> <P>HTH<BR />AJ</P> Thu, 08 Feb 2018 05:51:08 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327268#M1064230 Ajay Saini 2018-02-08T05:51:08Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327320#M1064231 <P>thank you <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 08 Feb 2018 08:21:16 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327320#M1064231 pugliededaniele88 2018-02-08T08:21:16Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327522#M1064232 <P>Hi,</P> <P>I found a work-around with a nat rule to route the traffic from the host out another interface.</P> <P>&nbsp;</P> <P>object-group network NAVIGAZIONE_DIROTTATA</P> <P>&nbsp;description --host dirottati verso l'interfaccia outside--</P> <P>&nbsp;network-object 192.2.200.135 255.255.255.255</P> <P>&nbsp;</P> <P>&nbsp;object network ANY</P> <P>&nbsp;subnet 0.0.0.0 0.0.0.0</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>nat (inside,outside) source dynamic NAVIGAZIONE_DIROTTATA interface destination static ANY any</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN class="short_text"><SPAN class="">I'm just waiting for confirmation from our customer that it works.</SPAN></SPAN></P> Thu, 08 Feb 2018 13:57:10 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3327522#M1064232 pugliededaniele88 2018-02-08T13:57:10Z Re: PBR on cisco ASA https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3328163#M1064233 <P>Hi,</P> <P>I write to confirm that the nat rule works fine.</P> <P>&nbsp;</P> <P>You need to pay attention at the function of proxy-arp. This function need to be disabled with command</P> <P>&nbsp;sysopt noproxyarp inside</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 09 Feb 2018 11:55:27 GMT https://community.cisco.com/t5/network-security/pbr-on-cisco-asa/m-p/3328163#M1064233 pugliededaniele88 2018-02-09T11:55:27Z