ASA PBR

manemaren
Level 1

Hi,

I am trying to configure my ASA 5515x with Policy Based Routing. I have 2 inside networks which need to access the internet via 2 different outside interfaces.

object network OBJ-NET-INSIDE25
subnet 172.25.1.0 255.255.255.0
object network OBJ-NET-INSIDE26
subnet 172.26.1.0 255.255.255.0

object network OBJ-NET-INSIDE25
nat (inside25,outside1) dynamic interface
object network OBJ-NET-INSIDE26
nat (inside26,outside2) dynamic interface

access-list ACL-OUTSIDE1 permit 172.25.1.0 255.255.255.0
access-list ACL-OUTSIDE2 permit 172.26.1.0 255.255.255.0

route-map PBR-MAP permit 10
match ip address ACL-OUTSIDE1
set interface OUTSIDE1
route-map PBR-MAP permit 20
match ip address ACL-OUTSIDE2
set interface OUTSIDE2
route-map PBR-MAP permit 30
set interface null0

interface GigabitEthernet0/0
policy-route route-map PBR-MAP

interface GigabitEthernet0/1
policy-route route-map PBR-MAP

It does not work. The PC in the inside26 network did not get internet access. I did a debug as follows:

pbr: policy based route lookup called for x.x.x.77/138 to x.x.x.255/138 proto 17 sub_proto 0 received on interface outside2
pbr: First matching rule from ACL(-1)
pbr: route map PBR-MAP, sequence 30, permit; proceed with policy routing
pbr: evaluating interface Null0
pbr: policy based routing applied; packet is dropped

Something is not right with the Access-List? It matches to sequence 30. Since the PC is in inside26, it should match sequence 20 but it didn't.

Any idea? Please assist.
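
The following is an added example, not part of the original post: a small Python parser for the pbr debug lines quoted above that groups them per lookup and lists lookups whose ingress interface is not one of the inside interfaces named in the NAT statements. The function names and the expected-interface set are assumptions made for illustration.

```python
import re

# Debug lines copied from the post (addresses were already redacted there).
SAMPLE = """\
pbr: policy based route lookup called for x.x.x.77/138 to x.x.x.255/138 proto 17 sub_proto 0 received on interface outside2
pbr: First matching rule from ACL(-1)
pbr: route map PBR-MAP, sequence 30, permit; proceed with policy routing
pbr: evaluating interface Null0
pbr: policy based routing applied; packet is dropped
"""

LOOKUP = re.compile(r"lookup called for (\S+)/(\d+) to (\S+)/(\d+) proto (\d+) .*"
                    r"received on interface (\S+)")
SEQ = re.compile(r"route map (\S+), sequence (\d+), (permit|deny)")
EVAL = re.compile(r"evaluating interface (\S+)")


def parse_pbr_debug(text):
    """Group 'pbr:' debug lines into one dict per policy-route lookup."""
    lookups = []
    for line in text.splitlines():
        m = LOOKUP.search(line)
        if m:
            src, sport, dst, dport, proto, ingress = m.groups()
            lookups.append({"src": src, "sport": int(sport), "dst": dst,
                            "dport": int(dport), "proto": int(proto),
                            "ingress": ingress, "route_map": None,
                            "sequence": None, "egress": None, "dropped": False})
            continue
        if not lookups or not line.lstrip().startswith("pbr:"):
            continue  # not a pbr line, or no lookup header seen yet
        cur = lookups[-1]
        if m := SEQ.search(line):
            cur["route_map"], cur["sequence"] = m.group(1), int(m.group(2))
        elif m := EVAL.search(line):
            cur["egress"] = m.group(1)
        elif "packet is dropped" in line:
            cur["dropped"] = True
    return lookups


def unexpected_ingress(lookups, expected):
    """Lookups received on an interface outside the expected set."""
    return [l for l in lookups if l["ingress"] not in expected]


if __name__ == "__main__":
    for hit in unexpected_ingress(parse_pbr_debug(SAMPLE), {"inside25", "inside26"}):
        print(f"{hit['src']} -> {hit['dst']} on {hit['ingress']}: seq {hit['sequence']}, egress {hit['egress']}, dropped={hit['dropped']}")
```

Run on the debug quoted in the post, it reports one lookup, received on outside2, that matched sequence 30 and was sent to Null0.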
