Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
2
Replies

PBR VS NAT PRIORITY CISCO ASA 55XX 9.6

RASU
Level 1
Level 1

‎04-27-2018 06:40 AM - edited ‎02-21-2020 07:40 AM

Hello Friends,

 

I have tried to accomplish below task, could someone assist to proceed further on this task

 

cisco ASA :

inside interface : 1.1.1.1

DMZ1 interface : 2.2.2.2

DMZ2 interface : 3.3.3.3

 

source : 4.4.4.4 (4.4.4.0/24 reachable through inside)

Destination : 5.5.5.5 (5.5.5.0/24 reachable through DMZ2)

 

i want to divert this specific traffic (4.4.4.4 to 5.5.5.5) through DMZ1 and want to NAT the source as well, If I try route-map matching this traffic and set next hop as 2.2.2.1(DMZ1) with static NAT for natting the source, will it works ?

any other config required? How NAT and route-map behave in this scenario?

Labels:
0 Helpful
2 Replies 2

Ajay Saini
Level 7
Level 7

‎04-27-2018 08:15 AM

Hello,

 

DMZ2 is 5.5.5.0/24, if you add a more specific route for lets say 5.5.5.5/32 through DMZ1, it will work just fine. No need for PBR or route-maps.

 

We just need below config:

 

1. specific route eg. route dmz1 5.5.5.5 255.255.255.255 x.x.x.x

2. add a manual NAT with destination self NAT for 5.5.5.5. and source as 4.4.4.4 to itself.

 

Try and see if it works.

 

HTH
AJ

0 Helpful

RASU
Level 1
Level 1
In response to Ajay Saini

‎04-27-2018 08:32 PM

Hi Ajay,

 

Thanks for your suggestion, I missed one thing , 5.5.5.5 should also be reachable through DMZ2.

 

source 4.4.4.4 will nat to one of the IP in the DMZ1 subnet like 2.2.2.5

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card