Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
277
Views
0
Helpful
0
Replies

PBR as a local policy on ASA

m.glosson
Beginner
Beginner

‎03-31-2017 11:51 AM - edited ‎03-12-2019 02:09 AM

It's nice that the ASA supports policy-based routing now. I'm not sure it's capable of the main thing I want to use it for, though. On an IOS router, you can specify a policy for packets sourced from the device itself using ip local policy. Is there an equivalent command on the ASA?

My scenario is that we have two "public" interfaces. I have VPN clients connecting to outside1. I want to gently transition them over to outside2 (i.e., the next time they connect, but not disrupting their current connections), but obviously the default route can only be pointed to one next-hop.

Let's say my two ASA public-facing interfaces are: Gi0/0: 1.1.1.2 and Gi0/1: 2.2.2.2. I would love to put in PBR to say "if the source is 1.1.1.2 the default next-hop is 1.1.1.1; if the source is 2.2.2.2 the default next-hop is 2.2.2.1."

Thanks

5 people had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents