Hi -
We have a lab pod configuration that forces traffic to specific pod routers via PBR on our core switch. When a user chooses a specific group while logging into AnyConnect, we apply a group-unique IP Pool, then enforce routing at the next hop.
While this is a functional configuration, it is cumbersome to maintain configuration at multiple hops on the routing path from user to lab pod. We are looking for a way to simplify this through PBR only on the ASA.
Specifically, since AnyConnect automatically generates an RRI entry in the ASA routing table, it would stand to reason that I should be able to apply a route tag to the RRI entry based on the group used to connect. So far, I can't find a way to do this.
The drawing below shows the basic idea where the firewall and pod routers are in the same network.
Ideas?
Thanks in advance!
PSC
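For readers following along, here is what the setup described in the post (a per-group AnyConnect address pool on the ASA, with PBR on the core switch steering each pool to its pod router) looks like as configuration. This is an added illustration, not the poster's configuration: the pool names, group names, addresses, VLAN interface and next-hop IPs are all assumed placeholders, and the ASA side uses a single group-policy/tunnel-group pair per pod purely to tie the pool to the group a user selects.

```cisco
! ---- ASA (assumed placeholder values) ----
! One address pool per lab pod; the pool a user lands in is decided by the
! tunnel-group (connection profile) they pick at AnyConnect login.
ip local pool POD1-POOL 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool POD2-POOL 10.10.2.1-10.10.2.254 mask 255.255.255.0

group-policy POD1-GP internal
group-policy POD1-GP attributes
 address-pools value POD1-POOL
group-policy POD2-GP internal
group-policy POD2-GP attributes
 address-pools value POD2-POOL

tunnel-group POD1 type remote-access
tunnel-group POD1 general-attributes
 address-pool POD1-POOL
 default-group-policy POD1-GP
tunnel-group POD1 webvpn-attributes
 group-alias POD1 enable

tunnel-group POD2 type remote-access
tunnel-group POD2 general-attributes
 address-pool POD2-POOL
 default-group-policy POD2-GP
tunnel-group POD2 webvpn-attributes
 group-alias POD2 enable

! ---- Core switch, IOS-style (assumed placeholder values) ----
! Match on the source pool rather than on destination, so a POD1 user cannot
! reach POD2 gear simply by addressing it; traffic is pinned to its own pod router.
ip access-list extended POD1-USERS
 permit ip 10.10.1.0 0.0.0.255 any
ip access-list extended POD2-USERS
 permit ip 10.10.2.0 0.0.0.255 any

route-map LAB-PBR permit 10
 match ip address POD1-USERS
 set ip next-hop 192.0.2.11
route-map LAB-PBR permit 20
 match ip address POD2-USERS
 set ip next-hop 192.0.2.12

! Applied on the ingress interface facing the ASA's inside leg.
interface Vlan100
 ip policy route-map LAB-PBR
```

The operational pain the post describes is visible here: adding a pod means touching the pool, group-policy and tunnel-group on the ASA and then the ACL and route-map sequence on the switch, and the two have to stay in sync. A useful sanity check after any change is to confirm that a connected user's assigned address falls inside the pool you expect (`show vpn-sessiondb anyconnect` on the ASA) and that the switch's policy counters for that pool's ACL are incrementing (`show route-map LAB-PBR`).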