PBR Again

AndersBramsen
Level 1

Hi to all... This is by far the biggest sucker... I've spent hours and hours, so now I'm starting with a CCNA... but

I have an ASA 5505 firewall connected to my LAN, and from the firewall to my Cisco 819 3G cellular...

Everything is working... I'm getting on the net, and I'm receiving what I want... SMTP, FTP, etc.

That is done, I think, with a NAT rule that NATs everything in to my ASA, which then filters and translates to the right internal IP.

My LAN is 192.168.0.0/24, my ASA is 192.168.0.10 on the LAN side, and on the WAN it's 10.10.10.2.

My router is then 10.10.10.1, and my public IP is on my Cel 0 interface...

So far so good...

I would then try to take my new connection and put that into a port called Gigabit 0 (WAN) and then... make policy-based routing... e.g. when I make traffic on port 80 it should use my ADSL connection...

I can make it work, almost...

Well... I can make it take the right route (via ADSL) and also back... BUT

All my normal incoming traffic is then not working... not on Cel 0 or Gigabit 0 either.

I don't need IP SLA...

What should I post for you guys?

My starting config without PBR and only one ISP, or the config with PBR?

I would like it to react like it does now... it NATs or routes everything directly to my ASA, and it does the firewall thing and VPN stuff and NAT.

These are some of the commands I think I should use?

access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq domain
!
ip nat inside source route-map nat_isp1_rm interface Cellular0 overload
ip nat inside source route-map nat_isp2_rm interface GigabitEthernet0 overload
!
ip access-list extended nat_isp1
 permit tcp 10.10.10.0 0.0.0.255 any
ip access-list extended nat_isp2
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map nat_isp1_rm permit 10
 match ip address nat_isp1
 match interface Cellular0
!
route-map nat_isp2_rm permit 10
 match ip address nat_isp2
 match interface GigabitEthernet0
 ! NAT only evaluates the match clauses of a route-map; this set clause has no effect here
 set ip next-hop 95.166.108.1
!
route-map redirect permit 10
 match ip address 101
 set ip next-hop 95.166.108.1
!
interface Vlan1
 ip policy route-map redirect
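A complete router configuration for the setup described in the post, added here as an example and not the poster's or Cisco's own config. It assumes Vlan1 is 10.10.10.1/24 facing the ASA, that GigabitEthernet0 takes a DHCP address from the ADSL modem whose gateway is 95.166.108.1, and that the default route stays on Cellular0; it adds the interface-level NAT marks and the sequence numbers the snippet above leaves out.

```cisco
! Added example (not the poster's config). Assumed: Vlan1 is 10.10.10.1/24 facing the
! ASA, GigabitEthernet0 takes a DHCP address from the ADSL modem whose gateway is
! 95.166.108.1, and Cellular0 keeps the default route. Names are constructed.
!
! Flows to steer out the ADSL line: web and DNS sourced from the ASA outside net.
ip access-list extended PBR_TO_ADSL
 permit tcp 10.10.10.0 0.0.0.255 any eq www
 permit tcp 10.10.10.0 0.0.0.255 any eq 443
 permit udp 10.10.10.0 0.0.0.255 any eq domain
!
! One NAT ACL; the two route-maps differ only by egress interface, so a session
! is translated to the address of the link it actually leaves on.
ip access-list extended NAT_INSIDE
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map NAT_CELL permit 10
 match ip address NAT_INSIDE
 match interface Cellular0
!
route-map NAT_ADSL permit 10
 match ip address NAT_INSIDE
 match interface GigabitEthernet0
!
! PBR: only the listed flows get the ADSL next hop. Everything else, including
! replies to sessions that arrived on Cellular0 (source port 80/443/53, which
! the ACL above does not match), follows the routing table.
route-map PBR_ADSL permit 10
 match ip address PBR_TO_ADSL
 set ip next-hop 95.166.108.1
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR_ADSL
!
interface Cellular0
 ip nat outside
!
interface GigabitEthernet0
 ip address dhcp
 ip nat outside
!
ip nat inside source route-map NAT_CELL interface Cellular0 overload
ip nat inside source route-map NAT_ADSL interface GigabitEthernet0 overload
!
! Verify: translations should show both global addresses once traffic flows,
! and the route-map counters show which packets were policy-routed.
! show ip nat translations
! show route-map PBR_ADSL
```

Inbound port forwards to the ASA are not shown; each static mapping has to be tied to the public address of the interface it is reached on, otherwise the reply is translated to the other ISP's address.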

2 Replies

mahmoodmkl
Level 7

Hi,

You need to use the translated IP from ISP 2, because once your traffic reaches the ASA it is translated to a public IP.

You need to define 2 pools on the ASA for NAT and configure PBR on your router.

Thanks

Okay, sorry, could you give an example? ---)

Right now it's working when only using 1 ISP, so are you sure it's on the ASA that I should do a new NAT?

Would it be two rotary NAT pools that NAT everything in to the ASA, or in the router? One for each ISP?

How do I make NAT pools that forward all pools? Can I use, like in an ACL, "ip any"?

Can you give me an example?
