ASA_PBR

tamas.horvath
Level 1

Hi All,

 

I would like to set policy-based routing on ASA 55XX. HTTP traffic coming from a VLAN should be routed to an interface of a not directly connected content filter which is in a different subnet.
Could you please share a sample configuration of a similar scenario with me?

 

Thank you in advance,
Tamas

5 Replies

You can't tell PBR to send the traffic to a remote device. Does the content-engine support WCCP? That could be an option depending on your setup.

joseph.h.nguyen
Level 1

I don't have a sample configuration, but you can refer to the Cisco guide: https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf

I agree with Karsten that a simpler solution to your design is to use WCCP if available on the content filter. Otherwise, you would have to implement PBR on each Layer 3 hop to get to your content filter.

Thanks.
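
The ASA side of the hop-by-hop PBR approach described in the replies above, as an added example that is not part of the original thread or of Cisco's guide. Every name and address in it (PBR-HTTP, RM-TO-FILTER, the interfaces and subnets) is constructed for illustration; it assumes an ASA release with PBR support and an adjacent Layer 3 hop that lies on the path to the content filter.

```cisco
! Added example; all names and addresses are constructed.
! Assumed topology:
!   client VLAN   10.10.20.0/24 on ASA interface "inside"
!   adjacent hop  10.10.99.2    on ASA interface "transit"
!   the content filter sits in another subnet behind 10.10.99.2

! 1. Classify only the traffic that must be steered: HTTP from the client VLAN.
access-list PBR-HTTP extended permit tcp 10.10.20.0 255.255.255.0 any eq www

! 2. Send matching traffic to the directly connected hop, not to the
!    remote content filter itself.
route-map RM-TO-FILTER permit 10
 match ip address PBR-HTTP
 set ip next-hop 10.10.99.2

! 3. Apply the route-map on the interface where the client traffic enters.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.20.1 255.255.255.0
 policy-route route-map RM-TO-FILTER

! Interface facing the adjacent hop.
interface GigabitEthernet0/2
 nameif transit
 security-level 50
 ip address 10.10.99.1 255.255.255.0

! Traffic not matched by PBR-HTTP keeps following the normal routing table.
! Check the result with: show route-map / show policy-route
```

The ASA's policy decision ends at 10.10.99.2. That device, and every further Layer 3 hop before the content filter, needs its own equivalent policy, which is the per-hop effort the reply above refers to.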

 

And how would this issue be solved if the ASA and the content filter are on different sites which are connected by a site2site vpn tunnel?

That won't work due to WCCP limitations in the ASA. You could do WCCP on the upstream L3 switch that your ASA is connected to.

Thanks.
And how would this issue be solved if the ASA and the content filter are on different sites which are connected by a site2site vpn tunnel?