topic Re: routing outbound traffic to 2 interfaces on asa in Network Security https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005685#M939644 <HTML><HEAD></HEAD><BODY><P>Hi Celso,</P><P> Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you dont have specific destinations. But if you have the IP addresses of your destinations (which you cant for smtp or www traffic), following is the workaround.</P><P> Following config will redirect mail traffic to outside and rest of the traffic including web to dmz1.</P><P></P><P>access-list smtp_nat_outbound permit ip insideipsubnet insidenetmask any eq smtp</P><P>nat (inside) 1 access-list smtp_nat_outbound</P><P>global (outside) 1 interface</P><P>nat (inside) 2 0 0</P><P>global (dmz1) 2 interface</P><P></P><P>route outside mailserver1ip 255.255.255.255 rtr1ip</P><P>route outside mailserver2ip 255.255.255.255 rtr1ip</P><P>route outside mailserver3ip 255.255.255.255 rtr1ip</P><P>route dmz1 0.0.0.0 0.0.0.0 rtr2ip</P><P></P><P>Regards</P></BODY></HTML> Mon, 07 Apr 2008 17:33:43 GMT Alan Huseyin Kayahan 2008-04-07T17:33:43Z routing outbound traffic to 2 interfaces on asa https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005684#M939641 <P>given; </P><P></P><P>rtr1 connected to outside </P><P>rtr2 connected to dmz1 </P><P>lan connected to inside </P><P></P><P>we wanted to achieve the ff; </P><P>-mail traffic to go to the OUTSIDE </P><P>-http traffic to go to the DMZ1 </P><P></P><P>how can we achieve the above on ASA </P><P></P><P></P> Mon, 11 Mar 2019 12:28:08 GMT https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005684#M939641 cfajardo1_2 2019-03-11T12:28:08Z Re: routing outbound traffic to 2 interfaces on asa https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005685#M939644 <HTML><HEAD></HEAD><BODY><P>Hi Celso,</P><P> Cisco firewalls do not support PBR (Policy Based Routing). Technically, what you want to achieve is impossible since you dont have specific destinations. But if you have the IP addresses of your destinations (which you cant for smtp or www traffic), following is the workaround.</P><P> Following config will redirect mail traffic to outside and rest of the traffic including web to dmz1.</P><P></P><P>access-list smtp_nat_outbound permit ip insideipsubnet insidenetmask any eq smtp</P><P>nat (inside) 1 access-list smtp_nat_outbound</P><P>global (outside) 1 interface</P><P>nat (inside) 2 0 0</P><P>global (dmz1) 2 interface</P><P></P><P>route outside mailserver1ip 255.255.255.255 rtr1ip</P><P>route outside mailserver2ip 255.255.255.255 rtr1ip</P><P>route outside mailserver3ip 255.255.255.255 rtr1ip</P><P>route dmz1 0.0.0.0 0.0.0.0 rtr2ip</P><P></P><P>Regards</P></BODY></HTML> Mon, 07 Apr 2008 17:33:43 GMT https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005685#M939644 Alan Huseyin Kayahan 2008-04-07T17:33:43Z Re: routing outbound traffic to 2 interfaces on asa https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005686#M939646 <HTML><HEAD></HEAD><BODY><P>That make sense. Thanks a lot.</P></BODY></HTML> Wed, 09 Apr 2008 13:15:39 GMT https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005686#M939646 cfajardo1_2 2008-04-09T13:15:39Z Re: routing outbound traffic to 2 interfaces on asa https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005687#M939654 <HTML><HEAD></HEAD><BODY><P>You are welcome.</P></BODY></HTML> Wed, 09 Apr 2008 13:32:33 GMT https://community.cisco.com/t5/network-security/routing-outbound-traffic-to-2-interfaces-on-asa/m-p/1005687#M939654 Alan Huseyin Kayahan 2008-04-09T13:32:33Z