Hi,
Our ASA is managing many vlan and is the gateway of all our machines, a simple setup.
We need to change the ASA.
Our idea is to use our SX350X switch stack to route traffic to either the old firewall, either the new one.
For that we only need to change gateway on our machines to be the stack.
But we also need the stack to route packets to firewall using the vlan gateway where it received the packets, if we only use the stack default gateway to router, we'll face some asymetric routing that asa do not like at all (please see diagram bellow where i'm trying to explain what i mean).
Then we need to do PBR on stack telling "if you receive a packet on interface vlan X, forward it the the ASA vlan x interface"
This is a simple PBR, not difficult to do, we tried and it works well except : the stack only supports 12 route-map statements !
It means that with 2 or 3 statement per PBR (some trafic to new firewall, some trafic to old one) we will only manage 4-5 vlan not more...
I really do not know what to do.
Any clue will be appreciated.
Accepted Solutions
Hi Georg, thanks for your reply,
we search also into doc and were unable to find that limit, but when configuring we have :
And i agree about "small business" but 12 is really a little limit !
Hi Jon,
Yes using the same route-map applied on all vlan could be done, but the limit is not on the number of route-map but number of sequences/sections.
Here is what we did to try it, same issue :
Thanks for you advices.
