Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1999
Views
0
Helpful
6
Replies

Policy Based Routing in Cisco ASA

begad.nashaat
Level 1
Level 1

‎02-15-2015 05:19 AM - edited ‎03-11-2019 10:30 PM

Dears,

I want to connect three internet connections (connected to three different ISPs) to my Cisco ASA firewall, accordingly I want to configure the ASA to route traffic based on the source subnet.

Let's say that my network is divided into three different VLANs with different subnets addresses as shown below:

  • VLAN 10 -> 10.0.10.0/24
  • VLAN 20 -> 10.0.20.0/24
  • VLAN 30 -> 10.0.30.0/24

Also, the internet connection are connected to below Outside interfaces on the ASA:

  • ISP1 -> Outside1
  • ISP2 -> Outside2
  • ISP3 -> Outside3

My target is to configure the ASA to route Internet traffic based on the source subnet as mentioned below:

  • Internet traffic sourced from VLAN10 (10.0.10.0/24) to be routed through ISP1 (Outside1)
  • Internet traffic sourced from VLAN20 (10.0.20.0/24) to be routed through ISP2 (Outside2)
  • Internet traffic sourced from VLAN30 (10.0.30.0/24) to be routed through ISP3 (Outside3)

Any ideas ??????

Appreciate your feedback.

Best Regards,

Begad Ahmed

Labels:
0 Helpful
6 Replies 6

Karsten Iwen
VIP
VIP

‎02-15-2015 05:36 AM

The ASA is not capable of policy-based routing. At least not in the actual versions.

0 Helpful

begad.nashaat
Level 1
Level 1
In response to Karsten Iwen

‎02-15-2015 05:43 AM

Hi Karsten,

 

Any workaround to deploy this configuration on the ASA ??

What are the versions capable to support this type of configuration ???

 

Best Regards,

Begad Ahmed 

 

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to begad.nashaat

‎02-15-2015 10:01 AM

You can possibly accomplish it with multiple contexts or multiple virtual ASAs (ASAv product).

On a single context physical ASA it is not currently possible.

0 Helpful

begad.nashaat
Level 1
Level 1
In response to Marvin Rhoads

‎02-15-2015 10:47 AM

Thanks Marvin !!

Is it possible to provide me with sample configuration for multiple contexts ??

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to begad.nashaat

‎02-15-2015 10:55 AM

You're welcome.

Cisco has some very nice examples already. See this one for example.

Note that multiple context require separate licensing - they are not automatically included. "show version" will show your current licensing active on the ASA.

0 Helpful

Karsten Iwen
VIP
VIP

‎04-01-2015 10:15 PM

Just to add, that with ASA-version 9.4(1), policy-based routing is now supported. This is from the release-notes:

Policy Based Routing (PBR) is a mechanism by which traffic is routed through specific paths with a specified QoS using ACLs. ACLs let traffic be classified based on the content of the packet’s Layer 3 and Layer 4 headers. This solution lets administrators provide QoS to differentiated traffic, distribute interactive and batch traffic among low-bandwidth, low-cost permanent paths and high-bandwidth, high-cost switched paths, and allows Internet service providers and other organizations to route traffic originating from various sets of users through well-defined Internet connections.

We introduced the following commands: set ip next-hop verify-availability, set ip next-hop, set ip next-hop recursive, set interface, set ip default next-hop, set default interface, set ip df, set ip dscp, policy-route route-map, show policy-route, debug policy-route

 
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card