PBR on cisco ASA

Dear all,

I have a Cisco ASA vers. 8.4(2)8 with 2 outside interfaces. I need to redirect the traffic from only 1 host to use a different outside interface. Let me explain better:

Outside1 = internet traffic

Outside2= single host traffic

 

I tried to create a route-map but it seems it isn't possible on my version.


Can anyone help me to do this ?

 

Thank you,


Daniele.

Accepted Solutions

Re: PBR on cisco ASA

Hello,

 

PBR is available 9.4.1 onwards:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518

 

You would need to upgrade the ASA to 9.4.1 to get this support.

 

HTH

AJ

Re: PBR on cisco ASA

Hi,

I see the software version availability and the last version available is 9.1.7. 9.4.1 is not available. Is this version not compatible with ASA 5510?

Re: PBR on cisco ASA

That's true, legacy ASA does not support the version 9.4.x and hence PBR.

 

-

HTH
AJ

Re: PBR on cisco ASA

Hi,

Can you explain to me what legacy ASA means? Is there a list of the compatible devices?

 

Thank you,

 

Daniele.

Re: PBR on cisco ASA

Hello,

 

You can refer to the following tables for the info. Legacy ASA means the old ASA 5500 devices. Newer ones came out as 5500-X series appliances followed by Firepower UTM appliances, the likes of 2100, 4100, 7000 and 8000 series:

 

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-112283

 

Refer to table 6.

 

-

HTH
AJ

Re: PBR on cisco ASA

thank you :)

Re: PBR on cisco ASA

Hi,

I found a work-around with a nat rule to route the traffic from the host out another interface.

 

object-group network NAVIGAZIONE_DIROTTATA
 description --host dirottati verso l'interfaccia outside--
 network-object 192.2.200.135 255.255.255.255

object network ANY
 subnet 0.0.0.0 0.0.0.0

nat (inside,outside) source dynamic NAVIGAZIONE_DIROTTATA interface destination static ANY any

 

 

I'm just waiting for confirmation from our customer that it works.

Re: PBR on cisco ASA

Hi,

I'm writing to confirm that the NAT rule works fine.

 

You need to pay attention to the proxy-arp function. This function needs to be disabled with the command

 sysopt noproxyarp inside
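
Added example, not part of the thread or posted by any participant: a small config check for the caveat in the last post. It flags manual NAT rules whose destination object is 0.0.0.0/0 when `sysopt noproxyarp` is missing for the rule's first (real) interface. Treating that first interface as the one to check is an assumption taken from the thread's `inside` example; function names and the sample are constructed.

```python
import re

# Constructed sample: the workaround posted in the thread, without the proxy-ARP fix.
SAMPLE_CONFIG = """\
object-group network NAVIGAZIONE_DIROTTATA
 network-object 192.2.200.135 255.255.255.255
object network ANY
 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic NAVIGAZIONE_DIROTTATA interface destination static ANY any
"""

# Manual (twice) NAT line with a static destination clause, as in the thread.
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,]+),(?P<mapped>[^)]+)\) source \S+ \S+ \S+"
    r" destination static (?P<dst>\S+) \S+")


def catch_all_objects(config):
    """Names of 'object network' entries defined as subnet 0.0.0.0 0.0.0.0."""
    names, current = set(), None
    for line in config.splitlines():
        if not line.strip():
            continue  # blank lines do not end an object definition
        m = re.match(r"\s*object network (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # a new top-level command closes the object
        elif current and line.split() == ["subnet", "0.0.0.0", "0.0.0.0"]:
            names.add(current)
    return names


def proxy_arp_findings(config):
    """(interface, nat line) pairs where a catch-all destination NAT exists
    but 'sysopt noproxyarp <interface>' is absent (assumed check, see lead-in)."""
    wide = catch_all_objects(config)
    disabled = set(re.findall(r"^\s*sysopt noproxyarp (\S+)", config, re.M))
    findings = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m and m.group("dst") in wide and m.group("real") not in disabled:
            findings.append((m.group("real"), line.strip()))
    return findings


if __name__ == "__main__":
    for ifc, rule in proxy_arp_findings(SAMPLE_CONFIG):
        print(f"proxy ARP still enabled on '{ifc}' for: {rule}")
```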