04-17-2019 08:39 AM
Hi All,
I would like to set policy-based routing on ASA 55XX. HTTP traffic coming from a VLAN should be routed to an interface of
a not directly connected content filter which is in a different subnet.
Could you please share a sample configuration of a similar scenario with me?
Thank you in advance,
Tamas
04-17-2019 02:57 PM
You can't tell PBR to send the traffic to a remote device. Does the content-engine support WCCP? That could be an option depending on your setup.
04-17-2019 05:14 PM
I don't have a sample configuration, but you can refer to the Cisco guide: https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf
I agree with Karsten that a simpler solution to your design is to use WCCP if available on the content filter. Otherwise, you would have to implement PBR on each Layer 3 hop to get to your content filter.
04-18-2019 12:20 AM
Thanks.
And how would this issue be solved if the ASA and the content filter are on different sites which are connected by a site-to-site VPN tunnel?
04-18-2019 01:07 AM
That won't work due to WCCP limitations in the ASA. You could do WCCP on the upstream L3 switch that your ASA is connected to.
04-18-2019 12:21 AM