Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
2
Helpful
4
Replies

Send specific internal traffic out over new ISP

Go to solution
Shawn M
Level 1
Level 1

‎05-11-2024 03:30 AM

I have a new isp on a 2nd outside interface. I would like to send all traffic from one ip range and only that range out over the new ISP.

Currently Here is what I have

interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address a.a.a.a 255.255.255.248

interface GigabitEthernet1/3
nameif NewOutside
security-level 0
ip address b.b.b.b 255.255.255.248

object network 192.168.0.1-WIFI-NET
192.168.8.0 255.255.254.0

Currently all traffic goes out over Outside. Is getting the 192.168.8.0/23 to go out over NewOutside as simple as

route NewOutside 192.168.8.0 255.255.254.0

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎05-11-2024 03:35 AM

@Shawn M you can use Policy Based Routing to route traffic from the specific IP range via the new ISP link.

Example - https://integratingit.wordpress.com/2020/03/01/asa-policy-based-routing/

 

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎05-11-2024 03:35 AM

@Shawn M you can use Policy Based Routing to route traffic from the specific IP range via the new ISP link.

Example - https://integratingit.wordpress.com/2020/03/01/asa-policy-based-routing/

 

Go to solution
Shawn M
Level 1
Level 1

‎05-11-2024 04:40 AM

So looking at this. I only want to separate some traffic 192.168.8.1/23 and the rest would go over the old isp as that is what it is already set for. Does this look like this?

interface GigabitEthernet1/1
nameif Outside
security-level 0
ip address a.a.a.a 255.255.255.248

interface GigabitEthernet1/3
nameif NewOutside
security-level 0
ip address b.b.b.b 255.255.255.248

GigabitEthernet1/2
nameif INSIDE
security-level 100
ip address 192.168.16.12 255.255.255.248


route SECONDARY 0.0.0.0 0.0.0.0 b.b.b.b 10
route INSIDE 192.168.8.0 255.255.254.0 192.168.16.12 1

access-list ACL_PBR_NewOutside permit ip 192.168.8.0 255.255.254.0 any

route-map PBR permit 8
match ip address ACL_PBR_NewOutside
set ip next-hop b.b.b.b

interface gi1/2 (My inside is on 1/2)
policy-route route-map PBR

nat (INSIDE,NewOutside) after-auto source dynamic any interface

object network DEVICE_NewOutside
host 192.168.8.1
nat (INSIDE,NewOutside) static b.b.b.b

access-list NewOutside_IN extended permit icmp any object DEVICE_NewOutside
access-group NewOutside_IN in interface NewOutside

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Shawn M

‎05-11-2024 04:44 AM

@Shawn M traffic that does not match the ACL (ACL_PBR_NewOutside) referenced under the route-map will be routed via the existing default route.

Go to solution
Shawn M
Level 1
Level 1

‎05-11-2024 04:45 AM

Awesome. This should do what I am looking for then. Thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card