Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1771
Views
0
Helpful
7
Replies

redirect http/ftp traffic [ASA 5510]

clem67301
Level 1
Level 1

‎04-26-2011 07:40 AM - edited ‎03-11-2019 01:25 PM

Hi everyone !

i have the following scenario :

ISP1-------ASA 5510----------ISP2

                    |

                    |

                    |

                  LAN

i would like to use ISP2 for all http/https/ftp traffic.

how could I force my ASA to set a different gateway for http/https/ftp traffic ?

i have tried several solutions such as nat/pat rules, nothing seems to work.

thanx

cheers

clem

Labels:
0 Helpful
7 Replies 7

brquinn
Level 1
Level 1

‎04-26-2011 08:00 AM

The best way to do this is with PBR (Policy Based Routing) on an external router. If this is not possible, you can hack the ASA to do what you want, but it is not really recommended. This topic is discussed in this document and in the comments...

https://supportforums.cisco.com/docs/DOC-13015

Thanks,

Brendan

0 Helpful

clem67301
Level 1
Level 1

‎04-26-2011 08:01 AM

thanx a lot brendan !

maybe i should have RTFM before posting

0 Helpful

mkhraisa
Level 1
Level 1

‎04-26-2011 03:31 PM

Hi Clem,

If you are using a version prior to 8.3 this workaround might work for you:

route ISP1 0 0 1.1.1.2 //Default route pointing to ISP1

route ISP2 0 0 2.2.2.2 2 //Default route with Metric 2 via ISP2

static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80

static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443

sysopt noproxyarp inside

nat (inside) 1 0 0

global (ISP1) 1 interface

global (ISP2) 1 interface

This will force http/https traffic through ISP2 ... Tell me if it works

Best wishes,

Motaz Khraisat

0 Helpful

clem67301
Level 1
Level 1
In response to mkhraisa

‎04-28-2011 12:42 AM

hi motaz !

i am using version 8.4 and asdm 6.4

nevertheless i will try your solution, and i'll let you know if it works.

thanx a lot !

bye

clem

0 Helpful

mkhraisa
Level 1
Level 1

‎04-28-2011 12:46 AM

Hi clem,

You don't have to bother, it will not work with 8.3 and later .. Unfortunately, you need a router to perform PBR (Policy Based Routing), or a Layer 3 PBR capable device..

Motaz Khraisat

0 Helpful

clem67301
Level 1
Level 1
In response to mkhraisa

‎04-28-2011 12:57 AM

hi motaz

i would like to avoid buying a router... even if it seems to be the simplest solution

maybe i will try a downgrade from 8.4 to a prior version.

thanx a lot for your advices

bye

clem

0 Helpful

mkhraisa
Level 1
Level 1

‎04-28-2011 02:41 AM

Hi Clem,

Yup, if you want to avoid buying a router then you might need to try to downgrade to 8.2 ... Glad I was the to provide an answer to your concerns

Best wishes,

Motaz

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card