12-09-2015 08:55 PM - edited 03-12-2019 12:01 AM
I am using ASA OS 9.5.2
Have 2 Internet links terminated and have 2 different LAN subnets , need one subnet to exit from first internet while the second one should use second internet.
I believed PBR with NAT could do the work here but in PBR I would need to assign ACL with ANY destination address e.g. "source_address_1 to ANY_Destination" and source_address_2 to "ANY_destination" and then map them to route-maps with set next hop as respective interfaces gateway .
The problem is that route-map will not accept ACL with ANY as destination ( it gives error ) and I am unsure how to achive this thing without using the ANY statement.
I have already configured dynamic PAT for both of those subnets with respective exit interfaces ( internet links ). Moreover I believe that in ASA the first packet route lookup is done based on the NAT configured and because that is here I still should be able to make requirement fullfil but while doing the packet-tracert command I see that both subnets are exiting from first interface.
Please advise.
12-10-2015 12:41 AM
Hi,
Can you paste in the error as well please.
Ciao
JC
12-10-2015 12:46 AM
access-list test extended permit ip 10.102.0.0 255.255.0.0 any
ASA(config)# route-map test 10
ASA(config-route-map)# match ip add
ASA(config-route-map)# match ip address test
WARNING: If access-list test having destination "any\any4\any6" is used as match criteria for a route map, and applied to any routing protocol it will not have any effect. Instead use standard ACL or extended ACL without any\any4\any6 in destination.
12-10-2015 12:53 AM
Got it working , it was just a warning message and command was getting accepted .
Thanks
12-10-2015 01:46 AM
Hi,
Cool,
I would still use the "any4" instead of just any...
eg
access-list test extended permit ip 10.102.0.0 255.255.0.0 any4
Ciao
JC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide