ASA + 2911 + PBR & IP Addressing?

jacksonit · ‎01-29-2011

I am looking at this doc to use an ASA + 2911 to do Policy Based Routing with multiple ISPs.

From the linked doc, under the PBR scenario, what should the IP addresses be for the routers connection to the ISPs? It isnt labeled.

Thanks!

Federico Coto Fajardo · ‎01-29-2011

Hi,

By looking at the document, the IP address of the router's ISP interfaces make no difference.

Those interfaces could have any ISP-assigned addresses and will make no difference to the configuration presented in the document (because the document presents only the ASA config and the router's internal point of view).

Hope it helps.

Federico.

jacksonit · ‎01-29-2011

Ok, so I guess my question is what should they be?

I am setting up this particular configuration, and I am trying to figure out what IPs would need to be assigned to the router WAN interfaces--I only have one static IP available from each ISP, which is what the ASA is NAT'ing to.

What am I missing?

Thanks!

Federico Coto Fajardo · ‎01-29-2011

Let's see...

I think the example assumed that you can assign to the router's WAN interfaces an IP that belongs to the block that each ISP assigned.

The document says:

ISP1 provided address block is 10.10.10.0/24 and ISP2 provided address block is 172.18.124.0/24

So, the routers will have an IP corresponding to those blocks on their WAN interfaces.

The ASA will use an IP on those blocks to NAT (but the actual range belong to the routers).

You can see that by this command on the ASA:

route outside 0 0 172.16.12.2

It means the ASA has an IP belonging to the 172.16.12.x (which is not part of any ISP-given range).

Federico.

jacksonit · ‎01-31-2011

Yes ok, that's what I was looking for.

Thanks!