Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
5
Helpful
3
Replies

ASA Policy Based Routing on NAT interface

NazgulNr5
Level 1
Level 1

‎01-24-2023 09:32 AM

Hi there,

is it possible on the ASA to apply PBR on a NAT interface? PBR is matched by port that is not changed by NAT.

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎01-24-2023 09:46 AM

can you more elaborate ?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2023 12:33 PM

what is the ASA Model and what Code running on it, check PBR and NAT guidelines - if you looking more support provide example and config and routes you have :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

NazgulNr5
Level 1
Level 1
In response to balaji.bandi

‎01-25-2023 01:23 AM

Hi again,

Sorry for the **bleep**post...

Here is some more info.

NAT rules:

nat (inside_2,outside) source dynamic LAN_SUBNET PUBLIC_IP2 description NAT to server x
nat (inside_1,outside) source dynamic LAN_SUBNET PUBLIC_IP1

Planned PBR:

object-group services server-x-port tcp
port-object eq 8443

access-list PBR_ACL extended permit tcp object-group LAN_NET any object-group server-x-port

route-map PBR permit 1
match ip address PBR_ACL
set ip next-hop x.x.x.x (shove out interface inside2)

Story behind this:

Traffic to the external server x comes in on interface inside2. As the static route to the internal subnets is going out interface inside1 and need to use PBR to return traffic the way it came in.

Would that work?

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card