Source interface based routing
06-08-2023 04:54 AM
Pretty sure this isn't possible, but worth an ask.
I'd like to policy route some of our traffic based on application awareness. This is all being done by a Sophos XG and then routed via an alternate link to an ASA which is one of our internet/AnyConnect gateways.
As the ASA already has static routes inside for addresses, any traffic the Sophos XG policy routes to the ASA is sent back via its inside interface, causing asymmetric routing.
I can fix this by NAT'ing outbound traffic that's been policy routed on the XG; however, I can only do the NAT based on source/destination IP, not application awareness.
Other than re-architecting the network, can I policy route traffic on the ASA so if the traffic was originally sourced from a specific interface then return traffic would be routed via this interface?
Cheers
06-08-2023 05:45 AM
Hi
Policy based routing is supported on ASA from version 9.4.1.
https://www.networkstraining.com/cisco-asa-policy-based-routing-pbr/
06-08-2023 06:20 AM
Not really what I asked. I know I can policy route based on source address. What I want to do is policy route based on the original source interface of the connection.
