Welcome to Cisco Firewalls Community


Beginner

ASA PBR problem

What troubleshooting commands are available for PBR on ASA?

I've created a PBR and it's working outbound fine. The problem I have is that an external IP coming inbound is translated and routed correctly; however, the return traffic doesn't seem to leave the firewall.

A packet capture on the outside and DMZ interfaces shows traffic coming into the firewall from the internet. It gets translated from the public IP to the internal IP and routed to the DMZ interface. I can see packets coming back from the internal server destined to the internet on the DMZ interface, but I don't see the packets leave the outside interface.

Thanks

6 Replies

Re: ASA PBR problem

Are you using SIP? Do you see the SIP confirmation exchange? Can you share your NAT, and do you have inspect SIP enabled?

Abdullo Salikhov
Dushanbe, Tajikistan
Beginner

Re: ASA PBR problem

I'm not using SIP. It's just internet traffic to an internal server on 443.

Frequent Contributor

Re: ASA PBR problem

I have tried on 9.6: PBR and NAT doesn't work on ASA (yet).
Packet capture showed it as working, but traffic capture and production said something else.
Beginner

Re: ASA PBR problem

Thanks

The outbound dynamic NAT with PBR seems to work OK. I'm using v9.8.

Is there a compatibility table?

Frequent Contributor

Re: ASA PBR problem

Can you share the NAT config that's used in conjunction with PBR?

Thanks!
Beginner

Re: ASA PBR problem

I have managed to find the problem, but I'm not sure I understand why it's happening.

Outbound traffic is using the PBR and working.

Inbound traffic from the internet to one of our public IPs translated to a server in the DMZ doesn't work.

The problem seems to be with the return route from the server.

I can only get it working with a static route. I assumed inbound traffic would create a session and return the traffic back to the interface it came in on.