Routing in ASA5508X

Infuscomus · ‎11-03-2017

I have an ASA 5508X with the following configuration:

Those are routes towards my LAN (ASA port 1):

route inside 192.168.20.0 255.255.255.0 172.1.1.6 1
route inside 192.168.21.0 255.255.255.0 172.1.1.6 1

route inside 192.168.22.0 255.255.255.0 172.1.1.6 1

This is the link to my Internet Router than goes to ISP 1, from ASA port 2:

route outside 0.0.0.0 0.0.0.0 172.2.1.1 1

Basically, all current VLANs go out through the router and to ISP 1.

I have a secondary ISP (172.3.1.1) and I configured the correct settings on the ASA port 3 (interface outside3)

I created a new VLAN 192.168.23.0 .

I want to route the new VLAN to the new ISP.

Is this the correct approach :

route inside 192.168.23.0 255.255.255.0 172.1.1.6 1

route outside2 192.168.23.0 255.255.255.0 172.3.1.1 1

Georg Pauwen · ‎11-03-2017

Hello,

the routing looks good to me. Is it working, or are you running into a problem ?

Infuscomus · ‎11-03-2017

It's just planning. I need to implement this in the near future.

I was wondering if the 192.168.23.0 route will be correctly considered since the 0.0.0.0 one exists with the same metric.

Karsten Iwen · ‎11-03-2017

If you want to send traffic that is coming from a particular vlan over a specific ISP, then you have to configure policy-based-routing (PBR) for that:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf

Infuscomus · ‎11-03-2017

I will study the provided documentation.