policy based routing help

night-fury
Level 1

Hi,

I have a Cisco ASA 5525 and we have 2 leased lines, outside1 and outside2. Outside1, being primary, caters to all traffic, of course.

Problem:

We have a client's dial-up VPN which is not stable on outside1 but, when tested, works fine with the outside2 leased line. I need to divert the traffic for this VPN to go through the ISP that is on the outside2 interface. Can you please help me understand how I can create policy-based routing so that, for that VPN's public IP (say 6.6.6.6), traffic originating from the inside interface (192.168.x.x/20) goes through the outside2 ISP (2.2.2.2)? I have checked and the ASA 5525 on software version 9.4 has the policy-based routing feature.

Would the policy-route be applied on the inside interface?


6 Replies

deshtikypshaq
Level 1

access-list acl-1 extended permit ip 192.168.0.0 255.240.0.0 any
route-map diff_ISP permit 10
 match ip address acl-1
 set ip next-hop 2.2.2.2
interface gig0/0
 policy-route route-map diff_ISP

Thank you deshtikypshaq for your reply. However, the configuration you mentioned would divert all traffic from the machines via ISP2, right?

Is there a way to divert the traffic only destined for IP 6.6.6.6 via ISP2?

Hi!

access-list acl-1 extended permit ip 192.168.0.0 255.240.0.0 host 6.6.6.6
route-map diff_ISP permit 10
 match ip address acl-1
 set ip next-hop 2.2.2.2
interface gig0/0
 policy-route route-map diff_ISP

Hope it helps, best regards!

JC

Thank you JC & deshtikypshaq for your quick replies!!

Just for the sake of curiosity... what if I have 3 ISPs? All traffic goes through the default route, but I want traffic for 6.6.6.6 to go through ISP2 and traffic for 7.7.7.7 to go through ISP3. Is it possible?

I have this question because we will have a single inside interface and, if I am correct, only one policy-route can be linked to one interface.

Just add one more clause to the route-map.

For example:

access-list acl-2 extended permit ip 192.168.0.0 255.240.0.0 host 7.7.7.7
route-map diff_ISP permit 10
 match ip address acl-1
 set ip next-hop 2.2.2.2
route-map diff_ISP permit 20
 match ip address acl-2
 set ip next-hop 3.3.3.3

Thank you... appreciate it. This helps a lot.

-best

nf
