01-10-2017 12:44 PM - edited 03-12-2019 01:45 AM
I have a requirement to do a PBR on a firewall if the traffic has the dcsp set to 46.
I can have accomplished this on a Switch/router, just need to determine if I can do this on a Cisco ASA 5506.
Has anyone attempted or accomplished this.
Here is the config I used for the Switch:
ip access-list extended Skype_Policy_Routing
remark Skype Policy Routing for Charlotte
permit ip 10.1.10.0 0.0.0.255 10.10.15.0 0.0.0.255 dscp ef
permit ip 10.1.20.0 0.0.0.255 10.10.15.0 0.0.0.255 dscp ef
permit ip 10.1.30.0 0.0.0.255 10.10.15.0 0.0.0.255 dscp ef
permit ip 10.1.41.0 0.0.0.255 10.10.15.0 0.0.0.255 dscp ef
remark Skype Policy Routing for Cary
permit ip 10.1.10.0 0.0.0.255 10.10.38.0 0.0.0.255 dscp ef
permit ip 10.1.20.0 0.0.0.255 10.10.38.0 0.0.0.255 dscp ef
permit ip 10.1.30.0 0.0.0.255 10.10.38.0 0.0.0.255 dscp ef
permit ip 10.1.41.0 0.0.0.255 10.10.38.0 0.0.0.255 dscp ef
Route-map Skype_Policy_Routing permit 10
match ip address Skype_Policy_Routing
set ip next-hop 10.1.99.2
Route-map Skype_Policy_Routing permit 20
Thank you in advance for any assistance.
Solved! Go to Solution.
01-10-2017 02:06 PM
for starters you will need to run 9.4.x on your ASA
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
check the article under routing features, PBR is possible from that version
01-10-2017 02:06 PM
for starters you will need to run 9.4.x on your ASA
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/release/notes/asarn94.html#pgfId-116518
check the article under routing features, PBR is possible from that version
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide