Re: ASA_PBR

tamas.horvath · ‎04-17-2019

Hi All,

I would like to set policy-based routing on ASA 55XX. Http traffic coming from a vlan should be routed to an interface of
a not directly connected content filter which is in a different subnet.
Could you please share a sample configuration of a similar scenario with me?

Thank you in advance,
Tamas

Karsten Iwen · ‎04-17-2019

You can't tell PBR to send the traffic to a remote device. Does the content-engine support WCCP? That could be an option depending on your setup.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

joseph.h.nguyen · ‎04-17-2019

I don't have a sample configuration but you can refer to Cisco guide, https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf

I agree with Karsten that a more simple solution to your design is to use WCCP if available on the content filter. Otherwise, you would have to implement PBR on each Layer 3 hop to get to your content filter.

tamas.horvath · ‎04-18-2019

Thanks.

And how would this issue be solved if the ASA and the content filter are on different sites wich are connected by a site2site vpn tunnel?

Karsten Iwen · ‎04-18-2019

That won't work due to WCCP-limitations in the ASA. You could do WCCP on the Upstream L3-Switch where your ASA is connected to.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

tamas.horvath · ‎04-18-2019

Thanks.
And how would this issue be solved if the ASA and the content filter are on different sites wich are connected by a site2site vpn tunnel?