Policy Based Routing Feature in ASA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2014 10:44 PM - edited 03-11-2019 08:23 PM
Hi All
I know that the old versions of ASA does not support PBR, and as workarround we may use multiple contexts with different routing (not a good solution). HOwever do we have this feature available now in V9.0 and are Cisco planning to have such feature.
Thanks in advanced
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2014 12:36 AM
No, there is still no PBR as of ASA software 9.1(4) (= the latest as of this posting).
I have not heard of it being added to upcoming releases.
We steer customers with ASAs and PBR needs to use upstream routers with the full set of IOS features available on them.
I try to avoid anything but the most basic routing on an ASA the rare many limitations an ASA has as a router.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2015 10:50 AM
Update - PBR is on the ASA roadmap. Look for it in 9.4.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2017 11:26 AM
From the posted documents, the debug does not seems able to show the traffic been "NAT" through the ASA. Is there a way to show the PBR flow been "NATed" after the PBR-ACL capture the interesting traffic at the Interface?
Or should we use "packet-tracer" to check it/
Thanks
Antien
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2017 09:37 PM
Packet-tracer is the most reliable method (apart from capturing at an upstream device).

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2017 05:31 AM
Hi Marvin,
thank you... just wondering if there is a packet process flow diagram to illustrate in ASA. It will help to understand and trouble shoot.
Thanks again.
Antien
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2017 08:56 AM
You're welcome.
Sure - here is a current example (open image in new tab to zoom):
Source:
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90865

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2015 01:34 PM
Policy Based Routing is now available in Cisco ASA software version 9.4(1).
See the New Features section in the Release Notes, under Routing Features:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.
See more at: https://supportforums.cisco.com/document/30251/cisco-asa-policy-based-routing#sthash.y9fyiUjM.dpuf
Policy Based Routing is now available in Cisco ASA software version 9.4(1).
See the New Features section in the Release Notes, under Routing Features:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.
- See more at: https://supportforums.cisco.com/document/30251/cisco-asa-policy-based-routing#sthash.y9fyiUjM.dpuf
Policy Based Routing is now available in Cisco ASA software version 9.4(1).
See the New Features section in the Release Notes, under Routing Features:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.
- See more at: https://supportforums.cisco.com/document/30251/cisco-asa-policy-based-routing#sthash.y9fyiUjM.dpuf
Policy Based Routing is now available in Cisco ASA software version 9.4(1).
See the New Features section in the Release Notes, under Routing Features:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.
- See more at: https://supportforums.cisco.com/document/30251/cisco-asa-policy-based-routing#sthash.y9fyiUjM.dpuf
