Send specific internal traffic out over new ISP

Shawn M
Level 1

I have a new ISP on a 2nd outside interface. I would like to send all traffic from one IP range, and only that range, out over the new ISP.

Currently, here is what I have:

interface GigabitEthernet1/1
 nameif Outside
 security-level 0
 ip address a.a.a.a 255.255.255.248

interface GigabitEthernet1/3
 nameif NewOutside
 security-level 0
 ip address b.b.b.b 255.255.255.248

object network 192.168.0.1-WIFI-NET
 subnet 192.168.8.0 255.255.254.0

Currently all traffic goes out over Outside. Is getting the 192.168.8.0/23 to go out over NewOutside as simple as:

route NewOutside 192.168.8.0 255.255.254.0

Accepted Solutions

@Shawn M you can use Policy Based Routing to route traffic from the specific IP range via the new ISP link.

Example - https://integratingit.wordpress.com/2020/03/01/asa-policy-based-routing/

 


Shawn M
Level 1

So, looking at this: I only want to separate some traffic (192.168.8.1/23), and the rest would go over the old ISP, as that is what it is already set for. Does it look like this?

interface GigabitEthernet1/1
 nameif Outside
 security-level 0
 ip address a.a.a.a 255.255.255.248

interface GigabitEthernet1/3
 nameif NewOutside
 security-level 0
 ip address b.b.b.b 255.255.255.248

interface GigabitEthernet1/2
 nameif INSIDE
 security-level 100
 ip address 192.168.16.12 255.255.255.248

route NewOutside 0.0.0.0 0.0.0.0 b.b.b.b 10
route INSIDE 192.168.8.0 255.255.254.0 192.168.16.12 1

access-list ACL_PBR_NewOutside permit ip 192.168.8.0 255.255.254.0 any

route-map PBR permit 8
 match ip address ACL_PBR_NewOutside
 set ip next-hop b.b.b.b

! My inside is on 1/2
interface gi1/2
 policy-route route-map PBR

nat (INSIDE,NewOutside) after-auto source dynamic any interface

object network DEVICE_NewOutside
 host 192.168.8.1
 nat (INSIDE,NewOutside) static b.b.b.b

access-list NewOutside_IN extended permit icmp any object DEVICE_NewOutside
access-group NewOutside_IN in interface NewOutside

 

 

@Shawn M traffic that does not match the ACL (ACL_PBR_NewOutside) referenced under the route-map will be routed via the existing default route.

Shawn M
Level 1

Awesome. This should do what I am looking for then. Thank you.
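
A pre-change sanity check for an ASA policy-based-routing fragment, as an added example that is not part of the thread or any Cisco tooling: it flags names that are referenced but never defined and next hops that point at the firewall's own interface address, and reports whether a source address falls inside the ACL the route-map matches (everything else follows the default route). The sample config, its deliberate mistakes, the 203.0.113.x addresses and the function names are all constructed for illustration.

```python
import ipaddress
# Constructed fragment with deliberate mistakes; 203.0.113.2 stands in for b.b.b.b.
SAMPLE = """\
interface GigabitEthernet1/3
 nameif NewOutside
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet1/2
 nameif INSIDE
 policy-route route-map PBR
route SECONDARY 0.0.0.0 0.0.0.0 203.0.113.2 10
access-list ACL_PBR_NewOutside permit ip 192.168.8.0 255.255.254.0 any
route-map PBR permit 8
 match ip address ACL_PBR_NewOutside
 set ip next-hop 203.0.113.2
"""

def _rows(config):
    return [[t for t in l.split() if t != "extended"]  # "extended" is optional
            for l in config.splitlines() if l.strip()]

def lint_pbr(config):
    """Return findings for dangling references and self-pointing next hops."""
    rows = _rows(config)
    nameifs = {w[1] for w in rows if w[0] == "nameif"}
    own_ips = {w[2] for w in rows if w[:2] == ["ip", "address"]}
    acls = {w[1] for w in rows if w[0] == "access-list"}
    maps = {w[1] for w in rows if w[0] == "route-map"}
    out = []
    for w in rows:
        if w[0] == "route" and len(w) >= 5:
            if w[1] not in nameifs:
                out.append(f"route: interface name {w[1]} is not defined")
            if w[4] in own_ips:
                out.append(f"route: gateway {w[4]} is the firewall's own address")
        elif w[:3] == ["set", "ip", "next-hop"] and w[3] in own_ips:
            out.append(f"route-map: next-hop {w[3]} is the firewall's own address")
        elif w[:3] == ["match", "ip", "address"] and w[3] not in acls:
            out.append(f"route-map: ACL {w[3]} is not defined")
        elif w[:2] == ["policy-route", "route-map"] and w[2] not in maps:
            out.append(f"policy-route: route-map {w[2]} is not defined")
    return out

def pbr_matches(config, src):
    """True if src is inside a 'permit ip <net> <mask> ...' entry of a matched ACL."""
    rows = _rows(config)
    matched = {w[3] for w in rows if w[:3] == ["match", "ip", "address"]}
    nets = [f"{w[4]}/{w[5]}" for w in rows if w[0] == "access-list"
            and w[1] in matched and w[2:4] == ["permit", "ip"] and w[4][0].isdigit()]
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(n) for n in nets)
```

Only `permit ip <network> <mask>` ACL entries are evaluated; object-based or `deny` entries are ignored by this check.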
