PBR

Stewart Thomas · ‎03-09-2013

I have a 3560-48ps running IPBASE. I am wanting to do some PBR on this device. Will I have to change the Image to the IPservices for this to work.

Here is a description of what I'm trying to do. I have two internet connections connecting to two differnet 5510 ASA's. The two ASA connect to the 3560.

All my internet traffic is going out one ASA. Also on this asa I have a static ip range n for internal servers, this asa is working properly with no probelms.

The second ASA is were I'm having my issues. On the second asa my vpn traffic comes in and works fine. I also have a static ip from the ISP. This range I can not get to work. When I do a Nat translation on the second ASA and If I try ping from the ouside world the ping comes in but i do not get a reply. After trouble shooting the issue it seems that i have some asymetric routing. So the ping comes in the second asa and tries to go out the first asa. This is because I have a default route in the 3560 going back to the first ASA. I have this route there for the users to get back to the internet. So I think the issue can be solved with some PBR in the 3560.

Reza Sharifi · ‎03-09-2013

That is correct. You need IP Services license to do PBR.

HTH

Emmanuel Valdez · ‎03-10-2013

Hello,

You can use PBR to route some traffic across the first ASA and some traffic across the second ASA.

You could use the second ASA for backup Internet with PBR too.

Regards.

Sent from Cisco Technical Support iPhone App