06-29-2017 08:10 AM - edited 03-12-2019 02:38 AM
Hello,
I want to upgrade my asa to 9.8 version.
My company has two different ISP for internet access and I would like to use the first internet access for public services (email, FTP, and so on) with static public IP mapping.
The second SPI should be used by users to surf Internet.
Is it possible to implement such a solution?
Tks
Johnny
Solved! Go to Solution.
06-29-2017 09:59 AM
Hi
Yes this is possible.
Let assume your inside interface is g0/0 and 200.1.1.1 is your isp router ip on the secondary link.
The default route will point to your primary isp link.
Then you need to configure acl, route-map and attach that to your inside interface:
interface GigabitEthernet0/0
policy-route route-map pbr
!
access-list web extended permit tcp any any eq wwwaccess-list web extended permit tcp any any eq https --> you can filter the source subnet. Here for example I've authorized any source to any destination to ports 80 and 443
!
route-map pbr permit 10
match ip address web
set ip next-hop 200.1.1.1
Hope that's clear enough.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
06-29-2017 09:59 AM
Hi
Yes this is possible.
Let assume your inside interface is g0/0 and 200.1.1.1 is your isp router ip on the secondary link.
The default route will point to your primary isp link.
Then you need to configure acl, route-map and attach that to your inside interface:
interface GigabitEthernet0/0
policy-route route-map pbr
!
access-list web extended permit tcp any any eq wwwaccess-list web extended permit tcp any any eq https --> you can filter the source subnet. Here for example I've authorized any source to any destination to ports 80 and 443
!
route-map pbr permit 10
match ip address web
set ip next-hop 200.1.1.1
Hope that's clear enough.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
06-30-2017 12:20 AM
Hi,
Plz find a link...may be useful...
www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide