https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968472#M916751 <HTML><HEAD></HEAD><BODY><P>It will follow the ASA default route..for example http traffic, to tell the asa to send outboud http traffic from specific inside network nated to another asa external interface for http it is still a PBR function, http traffic will go asa outside interface or whicever the default route points to. </P><P></P><P></P><P>Rgds</P><P>Jorge </P></BODY></HTML> Tue, 15 Jul 2008 19:27:04 GMT JORGE RODRIGUEZ 2008-07-15T19:27:04Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968467#M916705 <P>Hi,</P><P>I would like to forward all packets coming from a specific ip range on my LAN to a diferent next-hop. </P><P></P><P>I have a default route on ASA 0.0.0.0 0.0.0.0 200.200.200.200, but a specific internal network can't follow this way.</P><P></P><P>That must follow another way.</P><P></P><P>Is that possible on my ASA 5540?</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 13:14:25 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968467#M916705 Tauer Drumond 2019-03-11T13:14:25Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968468#M916714 <HTML><HEAD></HEAD><BODY><P>If Im not mistaken from your description you have two defaults routes in your network and have certain internat IP subnets to be directed to another default route other than the ASA default. ASA only supports one default route, so what you are trying to do is PBR which currently is not supported in PIX/ASA as of now. </P><P></P><P>What you may want to do is do the pbr from an inside router behind the ASA for accomplishing a next hop default route.</P><P></P><P>HTH</P><P>Jorge</P></BODY></HTML> Tue, 15 Jul 2008 14:18:02 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968468#M916714 JORGE RODRIGUEZ 2008-07-15T14:18:02Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968469#M916728 <HTML><HEAD></HEAD><BODY><P>Hi Jorge,</P><P>what im wanting to do is exactely what you said.</P><P>unfortunately I cant put another router behind ASA. </P><P>Anyway, thank you by your help.</P><P>It was so helpfull.</P><P></P><P>Tauer</P><P></P></BODY></HTML> Tue, 15 Jul 2008 14:39:19 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968469#M916728 Tauer Drumond 2008-07-15T14:39:19Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968470#M916733 <HTML><HEAD></HEAD><BODY><P>Tauer, you are very welcome, it is said in past threads readings that there may be PBR suport in future ASA roadmap but I have no link to substantiate this claim.</P><P></P><P>Another option would also be a L3 switch if budget is an object, even a L3 3550 switch with an EMI image can do pbr, here is a link in the event you may consider placing a L3 device behind ASA.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swiprout.html#wp1260543" target="_blank">http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swiprout.html#wp1260543</A></P><P></P><P>HTH</P><P>Jorge</P></BODY></HTML> Tue, 15 Jul 2008 15:13:45 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968470#M916733 JORGE RODRIGUEZ 2008-07-15T15:13:45Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968471#M916744 <HTML><HEAD></HEAD><BODY><P>Hi Jorge,</P><P>If I NAT the inside IP address at the specific external interface? Will the packets follow the default route or follow trought this interface?</P><P></P><P>Thanks</P><P>Tauer</P></BODY></HTML> Tue, 15 Jul 2008 15:53:40 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968471#M916744 Tauer Drumond 2008-07-15T15:53:40Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968472#M916751 <HTML><HEAD></HEAD><BODY><P>It will follow the ASA default route..for example http traffic, to tell the asa to send outboud http traffic from specific inside network nated to another asa external interface for http it is still a PBR function, http traffic will go asa outside interface or whicever the default route points to. </P><P></P><P></P><P>Rgds</P><P>Jorge </P></BODY></HTML> Tue, 15 Jul 2008 19:27:04 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968472#M916751 JORGE RODRIGUEZ 2008-07-15T19:27:04Z https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968473#M916756 <HTML><HEAD></HEAD><BODY><P>ok Jorge,</P><P>So... I'll try find another solution.</P><P>I just wanna thank you by your answers..they were so helpfull.</P><P></P><P>Regards</P><P></P><P>Tauer</P></BODY></HTML> Tue, 15 Jul 2008 19:30:17 GMT https://community.cisco.com/t5/network-security/diferents-default-next-hops/m-p/968473#M916756 Tauer Drumond 2008-07-15T19:30:17Z