Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2316
Views
10
Helpful
5
Replies

PBR on ASA / FTD

Go to solution
BmfL
Level 1
Level 1

‎10-15-2020 08:01 AM - edited ‎10-15-2020 08:03 AM

Hi Folks,

 

I was researching and I could not find documentation referring to PBR on ASA or FTD  but in specific case:

 

Using PBR where the LAN users will be forward to ISP2 if trying to reach a particular site, for example google. And considering that there are multiple IPs involved on the destination I would like to use url www.goole.com as opposed to IPs and facebook.com. All other traffic would go trough ISP1.

 

I know from a router this is possible but not sure from ASA or FTD, any toughs ?

 

Many thanks in advance

0 Helpful
1 Accepted Solution

Accepted Solutions
5 Replies 5

Go to solution
BmfL
Level 1
Level 1
In response to balaji.bandi

‎10-15-2020 08:18 AM

Thank you. However, I cant see how I could point www.facebook and www.google.com to ISP2 and other traffic to ISP1. The goal is to make this differentiation as opposed to send all www / https traffic to one side only. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to BmfL

‎10-15-2020 08:47 AM

I may have misunderstood the requirement, yes we do see some limitations - if IP yes, looking FQDN may not i guess.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎10-15-2020 08:21 AM

Hi @BmfL 

I don't think is possible with ASA/FTD to send specific traffic to a URL/FQDN, I think you'd need an SD-WAN solution to achieve this.

 

HTH

Go to solution
BmfL
Level 1
Level 1
In response to Rob Ingram

‎10-15-2020 08:34 AM

Hi Rob, that's what I tough but wasn't sure, too bad...

I guess in addition to what you have stated it is possible to do it on the traditional router without SD-WAN.

 

Thank you for your thoughts  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card