
ASA5506 PBR with two ISPs

escswosp
Level 1

Hello,

Since the ASA supports PBR, we want to use this feature to do some traffic shaping. We are running version 9.5(1) and have two ISP connections, each ISP via PPPoE.

Is it possible to use PBR on the ASA in this scenario?

We have done the setup with non-dynamic ISP connections and had no problems, but we can't find a solution with dynamic PPPoE setups.

It looks like the learned default routes have to be locally connected. But with PPPoE we are receiving default routes.

logging:

.....

pbr: First matching rule from ACL(4)
pbr: route map MET_PBR_RM_MET_LAN, sequence 10, permit; proceed with policy routing
pbr: evaluating recursive next-hop 217.0.118.45
pbr: no route to next-hop 217.0.118.45 found
pbr: policy based routing could not be applied; proceeding with normal route lookup

...

show asp table routing
route table timestamp: 591
in   255.255.255.255 255.255.255.255 identity
in   127.1.0.1       255.255.255.255 identity
in   217.237.188.89  255.255.255.255 identity
in   192.168.10.1    255.255.255.255 identity
in   91.18.25.86     255.255.255.255 identity
in   217.237.188.80  255.255.255.240 ISP_STATIC
in   192.168.10.0    255.255.255.0   LAN_MET
in   0.0.0.0         0.0.0.0         via x.x.x.x ISP_STATIC
out  255.255.255.255 255.255.255.255 LAN_MET
out  192.168.10.1    255.255.255.255 LAN_MET
out  192.168.10.0    255.255.255.0   LAN_MET
out  224.0.0.0       240.0.0.0       LAN_MET
out  255.255.255.255 255.255.255.255 ISP_PPPoE
out  224.0.0.0       240.0.0.0       ISP_PPPoE
out  0.0.0.0         0.0.0.0         via 217.0.118.45, ISP_PPPoE
out  255.255.255.255 255.255.255.255 ISP_STATIC
out  217.237.188.89  255.255.255.255 ISP_STATIC
out  217.237.188.80  255.255.255.240 ISP_STATIC
out  224.0.0.0       240.0.0.0       ISP_STATIC
out  0.0.0.0         0.0.0.0         via 217.237.188.81, ISP_STATIC
out  255.255.255.255 255.255.255.255 _internal_loopback
out  224.0.0.0       240.0.0.0       _internal_loopback
out  0.0.0.0         0.0.0.0         via 0.0.0.0, identity
out  ::              ::              via 0.0.0.0, identity

route-map MET_PBR_RM_MET_LAN permit 10
 match ip address PBR_ACL_MET_SRV_SMTP
 set ip next-hop recursive 217.0.118.45

interface GigabitEthernet1/8
 nameif LAN_MET
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 policy-route route-map MET_PBR_RM_MET_LAN

Any ideas?


Philip D'Ath
VIP Alumni

With version 9.5(2) it does not work properly with PPPoE connections. You will not get this to work. The ASA fails to set the next hop correctly.

Perhaps the next software version.

Hello, does it work with version 9.5(3)?
