Cisco ASA 5512-x Directing Traffic

sdawson14
Level 1

Hi All,

I have been trying to do something with an ASA which has me stumped! 

We have a client who has two lines coming in, I shall refer to them as FTTC1 and FTTC2 to keep it simple. Both of these lines come into the ASA and FTTC1 is interface Outside1 and FTTC2 is Outside2 and the LAN comes in on interface Inside.

I have all of the traffic routing happily and working with NAT fine from the LAN. However, they have an RDS server which is on the address 192.168.10.7, and we want to have this server only go out via FTTC2. No matter what I do, the server will only go out of Outside1 (FTTC1). Does anyone know a way of setting this up? I currently have NAT set up globally; do I want to change this to have the NAT set up in the object?

Thank you all for any help, and sorry if this isn't clear; this is my first time working with an ASA and I may not be explaining myself well. Below is some of what I have set up so far:

The external IP addresses for the ASA are the two routers we have on the end of the FTTC lines.

interface GigabitEthernet0/1
 nameif OUTSIDE1
 security-level 0
 ip address 192.168.20.2 255.255.255.252
!
interface GigabitEthernet0/3
 nameif OUTSIDE2
 security-level 0
 ip address 192.168.20.6 255.255.255.252
!
interface GigabitEthernet0/5
 nameif INSIDE
 security-level 100
 ip address 192.168.10.254 255.255.255.0
!
same-security-traffic permit intra-interface
object network CLIENT_HOST_01
 host 192.168.10.1
object network CLIENT_HOST_02
 host 192.168.10.2
object network CLIENT_HOST_03
 host 192.168.10.3
object network CLIENT_ADFS_04
 host 192.168.10.4
 description DOMAIN CONTROLLER FILE SERVER
object network CLIENT_SAGE_05
 host 192.168.10.5
 description SAGE SERVER
object network CLIENT_SQL_06
 host 192.168.10.6
 description SQL SERVER
object network CLIENT_RDS_07
 host 192.168.10.7
 description RDS SERVER
object network CLIENT_ADMIN_08
 host 192.168.10.8
object network CLIENT_IP_RANGE
 subnet 192.168.10.0 255.255.255.0
object network CLIENT_EXTERNAL_IP_1
 host 192.168.20.1
object network CLIENT_EXTERNAL_IP_2
 host 192.168.20.5
object service RDP
 service tcp destination eq 3389
!
access-list LAN_TO_WAN extended permit ip object CLIENT_IP_RANGE any4
access-list LAN_TO_WAN extended permit ip any4 object CLIENT_IP_RANGE
access-list WAN_TO_LAN extended permit object-group RDS_PORTS_GROUP any object CLIENT_RDS_07
access-list RDS_TO_WAN standard permit host 192.168.10.7
!
nat (OUTSIDE2,INSIDE) source static CLIENT_EXTERNAL_IP_2 CLIENT_EXTERNAL_IP_2 destination static CLIENT_EXTERNAL_IP_2 CLIENT_RDS_07 service RDP RDP unidirectional no-proxy-arp
nat (INSIDE,OUTSIDE1) source dynamic any interface
nat (INSIDE,OUTSIDE2) source dynamic any interface
access-group WAN_TO_LAN in interface OUTSIDE1
access-group WAN_TO_LAN in interface OUTSIDE2
access-group LAN_TO_WAN in interface INSIDE
!
route OUTSIDE1 0.0.0.0 0.0.0.0 192.168.20.1 1
route OUTSIDE2 0.0.0.0 0.0.0.0 192.168.20.5 2

2 Replies

Richard Burts
Hall of Fame

I have not used the feature on ASA yet but Cisco added the capability of Policy Based Routing in recent versions of ASA code and it seems that this would be the solution for your requirements.

HTH

Rick
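As an added illustration of the Policy Based Routing approach Rick points to (this is not configuration from either poster), the following steers traffic sourced from the RDS host 192.168.10.7 out of OUTSIDE2 towards the FTTC2 router at 192.168.20.5, reusing the interface names and addresses from the question. It assumes the ASA runs a release that supports PBR (9.4(1) or later); the ACL name RDS_PBR and the route-map name RDS_VIA_FTTC2 are made-up example names. Note that the ASA only matches extended ACLs in a PBR route-map, so the standard ACL RDS_TO_WAN shown in the question could not be used directly.

```cisco
! Extended ACL selecting only the RDS host as the source (PBR requires an extended ACL).
access-list RDS_PBR extended permit ip host 192.168.10.7 any
!
! Route-map: matching traffic is forwarded to the FTTC2 router instead of following
! the routing table, which would otherwise prefer the OUTSIDE1 default route (metric 1).
route-map RDS_VIA_FTTC2 permit 10
 match ip address RDS_PBR
 set ip next-hop 192.168.20.5
!
! PBR is applied on the ingress interface, i.e. the LAN-facing INSIDE interface.
interface GigabitEthernet0/5
 policy-route route-map RDS_VIA_FTTC2
```

No NAT change is needed for the outbound direction: once PBR selects OUTSIDE2 as the egress, the existing `nat (INSIDE,OUTSIDE2) source dynamic any interface` rule translates the host to the OUTSIDE2 address, and all other LAN hosts continue to follow the OUTSIDE1 default route. To confirm the egress interface before relying on it, `packet-tracer input INSIDE tcp 192.168.10.7 12345 203.0.113.10 443` (203.0.113.10 is a documentation address standing in for any Internet destination) walks the packet through the ASA and reports the selected output interface.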

Thank you for your response; I shall test this out and see if I can get that to work.

Simon