Hi,

ronald.su · ‎04-16-2017

hi, i facing a PBR issue on ASA,

as i know , the normal PBR format is:

access-list to_ADSL extended permit ip 192.168.1.0 255.255.255.0 any

route-map my_map permit 100
match ip address to_ADSL
set ip next-hop 100.0.0.1

then apply it on the interface.

but now, my ip is dynamic...

so there is no way to know what is the next hop IP.

so i tried this :

access-list to_ADSL extended permit ip 192.168.1.0 255.255.255.0 any

route-map my_map permit 100
match ip address to_ADSL
set interface ADSL_if

then apply it on the interface. BUT, not work, how to set a PBR as the ip is dynamic...

thx

ronald.su · ‎04-17-2017

my adsl interface IP is assign by pppoe and it's dynamic

Akhil.Balachandran · ‎04-17-2017

Hi,

Along with the packet tracer, if possible, please run the below debug

debug policy-route

this will give us an idea if the policy is working as expected or not.

Regards

Akhil

ajay chauhan · ‎04-17-2017

Configuration looks ok .

Can you run packet tracer from ASA ? replace LAN with your configured name. I hope you have taken care of NAT configuration.

packet-tracer input LAN tcp 192.168.1.1 443 8.8.8.8 443

Ajay

ronald.su · ‎04-17-2017

i will try packet tracer after office hours, my nat config is ok, because if i dont define a default route, the ASA will get a default route from pppoe, and the traffice can go out normally. so the nat is ok

ASA PBR issue