02-05-2018 05:13 AM - edited 02-21-2020 07:17 AM
Dear all,
I have a Cisco ASA version 8.4(2)8 with 2 outside interfaces. I need to redirect the traffic from only 1 host to use a different outside interface. Let me explain better:
Outside1 = internet traffic
Outside2= single host traffic
I tried to create a route-map but it seems it isn't possible on my version.
Can anyone help me to do this ?
Thank you,
Daniele.
02-05-2018 08:12 AM
Hello,
PBR is available 9.4.1 onwards:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
You would need to upgrade the ASA to 9.4.1 to get this support.
HTH
AJ
02-06-2018 05:19 AM
Hi,
I see the software version availability and the last version available is 9.1.7. 9.4.1 is not available. Is this version not compatible with the ASA 5510?
02-06-2018 07:20 AM
That's true, legacy ASA does not support version 9.4.x and hence PBR.
-
HTH
AJ
02-06-2018 07:47 AM
Hi,
Can you explain to me what legacy ASA means? Is there a list of the compatible devices?
Thank you,
Daniele.
02-07-2018 09:51 PM
Hello,
You can refer to the following tables for the info. Legacy ASA means the old ASA 5500 devices. Newer ones came out as 5500-X series appliances followed by Firepower UTM appliances, the likes of the 2100, 4100, 7000 and 8000 series:
https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-112283
Refer to table 6.
-
HTH
AJ
02-08-2018 12:21 AM
thank you :)
02-08-2018 05:57 AM
Hi,
I found a work-around with a nat rule to route the traffic from the host out another interface.
object-group network NAVIGAZIONE_DIROTTATA
 description --host dirottati verso l'interfaccia outside--
 network-object 192.2.200.135 255.255.255.255
object network ANY
 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic NAVIGAZIONE_DIROTTATA interface destination static ANY any
I'm just waiting for confirmation from our customer that it works.
02-09-2018 03:55 AM
Hi,
I am writing to confirm that the NAT rule works fine.
You need to pay attention to the proxy-arp function. This function needs to be disabled with the command
sysopt noproxyarp inside