Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
5
Replies

Routing to 2 different connections

ejdrijin1
Level 1
Level 1

‎10-13-2017 06:00 AM - edited ‎03-05-2019 09:17 AM

Hi,

Currently my ASA consists of 1 internal network and 1 external network. Traffic passes from the internal netwrok and goes to the external for Internet connectivity.

There is a NAT rule and a static rule which says any traffic to any destination goes to this external network.

Now I have created an addition vlan, which its defualt gateway is the Cisco ASA. I want the traffic of this connection to go to the internet with a seperate connection than the current external connection.

How can this be done since there is already the static rule which says that traffic pass from external connection 1?

 

Thanks in advance.

Labels:
0 Helpful
5 Replies 5

Julio E. Moisa
VIP
VIP

‎10-13-2017 06:02 AM - edited ‎10-13-2017 06:07 AM

Hi

If you already have configured the ACLs you can create other NAT just for this specific VLAN, for example:

 

int g0/0.10

vlan 10

nameif NEWVLAN

security-level 100

ip add 192.168.10.1 255.255.255.0

no shutdown

 

access-list NEW-VLAN-ACL extended permit ip any any 

access-group NEW-VLAN-ACL in interface NEWVLAN

 

 

object network NAT-NEW-VLAN
subnet 192.168.10.0 255.255.255.0

nat (NEWVLAN,OUTSIDE) dynamic interface

 

 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

ejdrijin1
Level 1
Level 1
In response to Julio E. Moisa

‎10-20-2017 01:31 AM

Hi,

 

Thanks for your reply. I did the setup like this but still no luck.

 

My theory for this not working is, that there is a static route saying that any traffic should go to the Gateway of the existing Internet connection.

 

Although I have the NAT rule:

nat (NEWVLAN,NEWOUTSIDE) dynamic interface

 

I think traffic is still trying to be routed to the existing outside interface.

 

Does this make sense?

 

Thanks.

0 Helpful

ejdrijin1
Level 1
Level 1
In response to ejdrijin1

‎10-20-2017 02:15 AM

If I NAT the GuestWifi inside interface to the current connection, the Internet will work, 99% coz of the static route stating that any traffic is passed from this gateway.

 

How can I have another route for just the guest wifi traffic?

 

Thanks.

0 Helpful

Georg Pauwen
VIP
VIP

‎10-13-2017 01:15 PM

Hello,

 

if your ASA runs code 9.4 or later, route maps are supported, as in the example below:

 

access-list VLAN_1 extended permit ip 192.168.1.0 0.0.0.255 any

access-list VLAN_2 extended permit ip 192.168.2.0 0.0.0.255 any

 

 

route-map PBR_VLAN permit 10
(config-route-map)#match ip address VLAN_1
(config-route-map)#set ip next-hop x.x.x.x

 

route-map PBR_VLAN permit 20
(config-route-map)#match ip address VLAN_2
(config-route-map)#set ip next-hop y.y.y.y

0 Helpful

ejdrijin1
Level 1
Level 1
In response to Georg Pauwen

‎10-20-2017 02:01 AM

Thanks for your reply.

 

Still no luck. 

 

I am suspecting that I am missing some routes.

 

What are you thoughts?

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card