Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1224
Views
0
Helpful
7
Replies

Send traffic via a specific interface for one host

Frederic Garcia
Level 1
Level 1

‎10-04-2017 03:27 AM - edited ‎02-21-2020 06:25 AM

Hello all,

 

I need help to configure my ASA for a specific host.

I have an IPBX and SDSL connection.

 

I want to send all my traffic of my IPBX server to the interface of my SDSL connection.

MyIPBX -> outside-IPBX (SDSL).

 

My ASA Version is 9.6.

You will find in attachement my running config.

Labels:
0 Helpful
7 Replies 7

TRENT WAITE
Level 1
Level 1

‎10-04-2017 04:18 AM

You would do "route Outside-IPBX XXX,XXX,XXX,XXX 255.255.255.XXX YYY.YYY.YYY.YYY 1" where XXXs are either the host address or a subnet range for the outside PBX servers and YYYs are the next hop/gateway provided by the SDSL provider.

 

So for example, if my servers were at 205.10.10.1 and 205.10.10.20 and the SDSL service gave me an IP of 65.55.55.12 with a gateway of 65.55.55.1 my route would be 

"route Outside-IPBX 205.10.10.0 255.255.255.224 65.55.55.1 1". Then you internal PBX will get routed from the ASA out through the SDSL interface only, keeping all other traffic to go out the "outside" interface

0 Helpful

Frederic Garcia
Level 1
Level 1
In response to TRENT WAITE

‎10-04-2017 05:47 AM - edited ‎10-04-2017 05:51 AM

Thanks for your help !

But I forgot an information. 
My Provider give me an IP who is : 65.55.55.12/32. It's a PPPoE connection, I don't have a gateway or next HOP (no informations, I asked to my provider...)

My route will be is : route outside-ipbx 192.168.10.xxx 255.255.255.255 65.55.55.12 1

where 192.168.10.xxx 255.255.255.255 it's my IPBX.

 

And as I don't have a gateway for my next hop I have this message : 

[ERROR] route inside 192.168.10.70 255.255.255.255 65.55.55.12 1
Invalid next hop address 65.55.55.12, it matches our IP address.

 

 

0 Helpful

TRENT WAITE
Level 1
Level 1
In response to Frederic Garcia

‎10-04-2017 10:40 AM

First, is there any chance you can add route to the IP-PBX server itself?

 

 

Second thought would be to terminate the PPOE connection on a different device (e.g. DSL modem) that is then connected to the ASA. 

 

0 Helpful

Kias
Level 1
Level 1

‎10-04-2017 11:13 PM

Hi,

 

You have to consider PBR for this scenario.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.html#ID-2182-00000104

 

Regards,

 

Kias

 

 

 

Kias
Fonicom Limited
raiseaticket Malta
0 Helpful

Frederic Garcia
Level 1
Level 1
In response to Kias

‎10-26-2017 02:16 AM

Hello,

 

Sorry I was very busy...
I have opened a case, and I think we have a problem with the route. The ASA don't learn the route of my SDSL connection.

I need to test again... 

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎03-16-2018 03:19 AM

9.6 has route-map support. Configure a route-map to match all traffic from
PBX and send it out to SDSL
0 Helpful

Frederic Garcia
Level 1
Level 1
In response to Mohammed al Baqari

‎03-16-2018 03:31 AM

Hello Mohammed,

 

Thanks for your response. I contacted the TAC, and it's not working. Because, the Next Hop from my SDSL doesn't appear. Maybe I need to upgrade the version.

 

Actually, I'm stuck.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card