Re: Redirect Specific Users to user specific WAN interface?

ipv6x · ‎10-14-2022

Hello,

I am trying to force some users to send traffic to specific wan interface.

Created a ACL:

ALLOW inside_zone specific_users ---> outside_zone interface_WAN3

in NAT

dynamic NAT from inside to outside WAN3 interface.

But when i try to see from users if they use wan3 they go out from wan 1 interface.

Any ideas?

Thnx

balaji.bandi · ‎10-14-2022

Either you need to some static route or PBR for that IP to go to use different gateway than default.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ipv6x · ‎10-14-2022

yes it's also static route:

192.168.100.141 255.255.255.255 2.9.8.161

But he's go from wan 1...

MHM Cisco World · ‎10-14-2022

the static route use for destination not for source of packet,
the only solution here to override the RIB here is using PBR.

ip access-list extended 100
permit ip <user> any
!
route-map WAN3 permit 10
match ip address 100
set <WAN3>

ipv6x · ‎10-14-2022

@MHM Cisco World in flexconfig is any possibility to configure that?

MHM Cisco World · ‎10-14-2022

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217588-configure-pbr-with-ip-slas-for-dual-isp.html

ipv6x · ‎10-14-2022

that is if you are using FMC, but i am using FDM

MHM Cisco World · ‎10-14-2022

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html

ipv6x · ‎10-14-2022

access-list to_wan3; 1 elements; name hash: 0x96895f8d
access-list to_wan3 line 1 extended permit ip host 192.168.100.141 any4 log default
(hitcnt=0) 0x632e27c6
> show route-map
route-map map_to_wan3, permit, sequence 10
Match clauses:
ip address (access-lists): to_wan3
interface outside_wan3

the configuration but again is not working