05-13-2016 12:14 PM - edited 03-12-2019 12:45 AM
I have an ASA on which I'm trying to use PBR to route to one of two ISPs which
I'll call "slow" and "fast."
The interface to the slow ISP is connected to a subnet on which the next-hop
address is clearly in the subnet and it would count as "directly connected."
The interface to the fast ISP is connected via PPPoE. The interface address
is on a different subnet than the next-hop address so it would not be directly
connected.
The default route is to the slow ISP.
When I create route maps to send traffic to the slow ISP, I see the next-hop
address being selected and the egress interface selected in the first phase
of the packet trace. That tells me that my rules are working.
When I switch the map's next-hop address to be the next-hop address of the fast
ISP interface, PBR is selecting the right next-hop address, but it leaves the
egress interface decision to the next processing step, which always selects
the slow ISP interface. Using the recursive next-hop address selection in
the route map doesn't correct the problem.
Any suggestions on how to fix this? The only thing I can think of is to set
the default route to the fast ISP and use PBR to route to the exceptions
that need to go over the slow ISP instead of now where the exceptions
are to route to the fast ISP.
01-12-2022 01:59 AM
>> First word back from TAC is that PBR+pppoe as the secondary route is a known limitation but not documented as such.
TAC was wrong. It works with PPPoE.
For example:
route-map RM-NAME permit 10
 match ip address ACL_NAME
 set interface outside_2
04-23-2024 11:39 AM - edited 04-23-2024 11:40 AM
@eduard.hoffmann wrote: TAC was wrong. It works with PPPoE.
For example:
route-map RM-NAME permit 10
 match ip address ACL_NAME
 set interface outside_2
This worked beautifully.
(B.t.w. I was not able to find an equivalent for this in ASDM, even though the ASDM allows you to configure many other aspects of PBR. I had to run this "set interface outside_etc" from the CLI.)
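The route-map from the replies above, shown with the pieces around it, as an added example that is not from any poster in this thread. Assumptions: the source subnet 192.168.10.0/24 and the test addresses are constructed placeholders, and `inside` is taken to be the ingress interface where the policy is applied.

```text
! Constructed example: addresses are placeholders, not values from this thread.
! 1. Classify the traffic that should leave via the PPPoE ("fast") interface.
access-list ACL_NAME extended permit ip 192.168.10.0 255.255.255.0 any

! 2. Pin the egress interface instead of a next-hop IP address.
route-map RM-NAME permit 10
 match ip address ACL_NAME
 set interface outside_2

! 3. PBR is evaluated on the ingress interface, so bind the route-map there.
interface GigabitEthernet1/8
 nameif inside
 policy-route route-map RM-NAME

! 4. Verify: the trace should show the PBR phase choosing outside_2 as egress.
show route-map RM-NAME
show policy-route
packet-tracer input inside tcp 192.168.10.10 12345 203.0.113.10 443
```

A matching NAT rule and any required access rules for `outside_2` are assumed to exist already; without them the trace can select the right egress interface and still drop the flow.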
05-14-2016 12:51 PM
Here is the output you wanted to see:
# show int ip brief
Interface IP-Address OK? Method Status Protocol
Virtual0 127.1.0.1 YES unset up up
GigabitEthernet1/1 xxx.xxx.xxx.74 YES CONFIG up up
GigabitEthernet1/2 yyy.yyy.yyy.209 YES manual up up
GigabitEthernet1/3 dmz YES CONFIG up up
GigabitEthernet1/4 192.168.21.4 YES CONFIG down down
GigabitEthernet1/5 unassigned YES unset down down
GigabitEthernet1/6 unassigned YES unset down down
GigabitEthernet1/7 unassigned YES unset down down
GigabitEthernet1/8 inside YES CONFIG up up
Internal-Control1/1 127.0.1.1 YES unset up up
Internal-Data1/1 unassigned YES unset up up
Internal-Data1/2 unassigned YES unset up up
Internal-Data1/3 unassigned YES unset up up
Management1/1 unassigned YES unset up up
~
07-16-2017 07:24 PM
The default route is to the slow ISP; do not use 0.0.0.0 0.0.0.0.
Change it to these two routes: 0.0.0.0 128.0.0.0 and 128.0.0.0 128.0.0.0