https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851345#M1101367 <P>Pretty sure this isn't possible, but worth an ask.</P><P>I'd like to policy route some of our traffic based on application awareness. This is all being done by a Sophos XG and then routed via an alternate link to an ASA which is one of our internet /AnyConnect gateways.</P><P>As the ASA already has static routes inside for addresses any traffic the Sophos XG policy routes to the ASA is sent back via it's inside interface causing asymmetric routing.</P><P>I can fix this by NAT'ing outbound traffic that's been policy routed on the XG, however I can only do the NAT based on source/destination IP, not application awareness</P><P>Other than re-architecting the network, can I policy route traffic on the ASA so if the traffic was originally sourced from a specific interface then return traffic would be routed via this interface?</P><P>Cheers</P> Thu, 08 Jun 2023 11:54:26 GMT richyvrlimited 2023-06-08T11:54:26Z https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851345#M1101367 <P>Pretty sure this isn't possible, but worth an ask.</P><P>I'd like to policy route some of our traffic based on application awareness. This is all being done by a Sophos XG and then routed via an alternate link to an ASA which is one of our internet /AnyConnect gateways.</P><P>As the ASA already has static routes inside for addresses any traffic the Sophos XG policy routes to the ASA is sent back via it's inside interface causing asymmetric routing.</P><P>I can fix this by NAT'ing outbound traffic that's been policy routed on the XG, however I can only do the NAT based on source/destination IP, not application awareness</P><P>Other than re-architecting the network, can I policy route traffic on the ASA so if the traffic was originally sourced from a specific interface then return traffic would be routed via this interface?</P><P>Cheers</P> Thu, 08 Jun 2023 11:54:26 GMT https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851345#M1101367 richyvrlimited 2023-06-08T11:54:26Z https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851366#M1101371 <P>Hi</P> <P>&nbsp;Policy based routing is supported on ASA from version 9.4.1.</P> <P><A href="https://www.networkstraining.com/cisco-asa-policy-based-routing-pbr/" target="_blank">https://www.networkstraining.com/cisco-asa-policy-based-routing-pbr/</A></P> <P>&nbsp;</P> Thu, 08 Jun 2023 12:45:21 GMT https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851366#M1101371 Flavio Miranda 2023-06-08T12:45:21Z https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851381#M1101373 <P>Not really what I asked. I know I can policy route based on source address. What I want to do is policy route based on the original source <EM>interface</EM> of the connection.</P> Thu, 08 Jun 2023 13:20:38 GMT https://community.cisco.com/t5/network-security/source-interface-based-routing/m-p/4851381#M1101373 richyvrlimited 2023-06-08T13:20:38Z