08-26-2020 12:18 AM
Could anyone please help? While enabling PBR on a Cisco ASA, I am not getting the traceroute result from the other direction.
I have set all the parameters like "set connection decrement-ttl" and allowed IP any any for testing on the firewall.
Below is the Topology:
R3 192.168.1.2 -------- 192.168.1.1 R1 10.1.1.2 ----- (IN) 10.1.1.1 Cisco ASA (Out) 20.1.1.1 ------- 20.1.1.2 R2
I enabled PBR with ip next-hop 10.1.1.2. The route-map ACL is for any, and the interface ACL is also any.
While doing a traceroute from 10.1.1.2 I am getting the next hop as the firewall IP 10.1.1.1; ping is also OK.
While doing a traceroute from 192.168.1.2 I am getting the next hop as 192.168.1.1 but no hops after that; ping is also working in this case. I checked the packet-tracer result and it looks good from both sides. Also, while doing the traceroute I am getting ASP drops for "ttl exceeded" and "no adjacency". Could anyone please explain why the firewall is showing this behaviour? Also, when putting normal routes from the Cisco ASA to R1 10.1.1.1 for destination 192.168.1.2, it works.
Why is PBR not working properly in this case?
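An added example, not from the original post, showing the ASA configuration the question describes (PBR with next-hop 10.1.1.2, a permit-any route-map ACL, TTL decrement) together with the ICMP inspection and the verification commands a defender would use to check the path and the ASP drop reasons. Interface names and ports, the object names, and the choice to apply the route-map on the outside interface are assumptions; only the addresses come from the post.

```cisco
! Assumed interface layout (names/ports are assumptions, addresses from the post)
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 20.1.1.1 255.255.255.0
!
! Route-map ACL: "any" as in the post (narrow it to 192.168.1.0/24 in production)
access-list PBR-ACL extended permit ip any any
!
route-map PBR-MAP permit 10
 match ip address PBR-ACL
 set ip next-hop 10.1.1.2
!
! Assumption: the route-map is applied on the outside interface so traffic
! arriving from R2 toward R3 is policy-routed to R1 (10.1.1.2)
interface GigabitEthernet0/1
 policy-route route-map PBR-MAP
!
! Decrement TTL so the ASA shows up as a traceroute hop, and inspect ICMP
! (including ICMP errors) so time-exceeded replies are tied to the
! traceroute flow instead of being dropped
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
 class class-default
  set connection decrement-ttl
service-policy global_policy global
!
! Interface ACL: "any" for testing as in the post; tighten before production
access-list OUTSIDE-IN extended permit ip any any
access-group OUTSIDE-IN in interface outside
!
! Verification: simulate R2 -> R3 traffic through PBR, then review drop counters
packet-tracer input outside icmp 20.1.1.2 8 0 192.168.1.2 detailed
show asp drop
show route-map PBR-MAP
```

Compare the `show asp drop` counters before and after a traceroute from each side; a rising "no adjacency" count points at the next-hop resolution for 10.1.1.2 rather than at the ACLs.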