What troubleshooting commands are available for PBR on ASA?
I've created a PBR and it's working outbound fine. The problem I have is that an external IP coming inbound is translated and routed correctly; however, the return traffic doesn't seem to leave the firewall.
A packet capture on the outside and DMZ interfaces shows traffic coming into the firewall from the internet. It gets translated from the public IP to the internal IP and routed to the DMZ interface. I can see packets coming back from the internal server destined to the internet on the DMZ interface, but I don't see the packets leave the outside interface.
I have managed to find the problem, but I'm not sure I understand why it's happening.
Outbound traffic is using the PBR and working.
Inbound traffic from the internet to one of our public IPs translated to a server in the DMZ doesn't work.
The problem seems to be with the return route from the server.
I can only get it working with a static route. I assumed inbound traffic would create a session and return the traffic back to the interface it came in on.