
CISCO ASA 5510 source-based routing

Dmitriy Popov
Level 1

Hi, all!

Several organizations want to place their equipment and servers in my datacenter. They want to use the same resource - 10.3.1.5. I want to connect their servers and VPN-gates via my CISCO ASA 5510. When there was only one organization, the ASA had a static route "10.3.1.5 via 10.200.1.2". But now this decision doesn't work. Organization1 needs to go to 10.3.1.5 via VPN-gate 10.200.1.2. Organization2 needs to go to 10.3.1.5 via 10.200.2.2. I cannot connect their servers and VPN-gates directly. I should do it via ASA 5510.

I need something like IOS PBR (more precisely - routing based on source address). Could you advise me how I can configure the scheme in the attachment on my ASA? Maybe it will be a kind of NAT?

Note: Also I need to give access to VPN-gates from other networks (NET 1 - NET n)


julomban
Level 3

Hello Dmitriy,

I am afraid that what you are trying to accomplish is not possible with your ASA. The ASA only routes traffic based on destination IP (10.3.1.5), not by source (Organization1 and Organization2).

This is only possible on Cisco Routers.

Regards,

Juan Lombana

Please rate helpful posts.

Andrew Phirsov
Level 7

If possible, you can translate 10.3.1.5 on each VPN-gate to something unique for the corresponding organization when going to the ASA (using some kind of static NAT). For example, on VPN gate1 you can translate 10.3.1.5 to 10.31.1.5, and on VPN gate2 to 10.32.1.5. On the ASA you'll just add two static routes, each pointing to the corresponding VPN-gate.

route to 10.31.1.5 via 10.200.1.2

route to 10.32.1.5 via 10.200.2.2
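
The alias scheme from the reply above, modelled in Python as an added example (not code from any poster in this thread): the ASA does a destination-only lookup, and each VPN gate's static NAT maps its alias back to 10.3.1.5. The function and table names are assumptions made for illustration; the addresses are the ones given in the thread.

```python
import ipaddress

# Real resource address that every organization wants to reach (from the thread).
REAL_TARGET = ipaddress.ip_address("10.3.1.5")

# ASA static routes from the reply: per-organization alias -> VPN-gate next hop.
ASA_ROUTES = [
    (ipaddress.ip_network("10.31.1.5/32"), ipaddress.ip_address("10.200.1.2")),
    (ipaddress.ip_network("10.32.1.5/32"), ipaddress.ip_address("10.200.2.2")),
]

# Static NAT on each VPN gate (keyed by gate address): alias -> real address.
GATE_NAT = {
    ipaddress.ip_address("10.200.1.2"): {ipaddress.ip_address("10.31.1.5"): REAL_TARGET},
    ipaddress.ip_address("10.200.2.2"): {ipaddress.ip_address("10.32.1.5"): REAL_TARGET},
}


def asa_next_hop(dst, routes=ASA_ROUTES):
    """Destination-only longest-prefix match; the source address is never consulted."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def deliver(dst):
    """Return (gate, address seen behind the gate), or None if the ASA has no route."""
    hop = asa_next_hop(dst)
    if hop is None:
        return None
    dst = ipaddress.ip_address(dst)
    translated = GATE_NAT[hop].get(dst, dst)
    return str(hop), str(translated)


def check_aliases(routes=ASA_ROUTES):
    """Each alias must be unique and differ from the real address, or the lookup is ambiguous again."""
    nets = [net for net, _ in routes]
    return len(nets) == len(set(nets)) and all(REAL_TARGET not in n for n in nets)


if __name__ == "__main__":
    for alias in ("10.31.1.5", "10.32.1.5", "10.3.1.5"):
        print(alias, "->", deliver(alias))
```

In this model each organization's servers address their own alias (10.31.1.5 or 10.32.1.5) instead of 10.3.1.5, so the destination alone selects the gate.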
