Ditmar, pre-8.3 I have tested the PBR workaround for years and had implemented it in several customer networks. There has been an architectural change after 8.3 in how we decide the next hop interface and if that process is dependent on NAT. I haven'...
Andy, that is not true. While the routing decision is taken first, that holds true only for source NAT. When performing destination NAT, the NAT decides the routed interface. As a result, the packet is sent to the natted interface for routing and the...
Even though the metric is higher on the backup route, the firewall will still use it to route SMTP traffic over that link, since the static NAT [ static (backup,inside) ...] is applied to the packets before the routing decision is made. As a result, ...

Can you check with this:
regex BLOCKED_DOMAIN_1 "www.facebook.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
 match regex BLOCKED_DOMAIN_1
class-map t...

The ASA 5510 does not support PBR. It is very likely that a feature request for PBR has been placed already, but no announcements have been made yet. There is a workaround which lets you send all email and/or web traffic through one ISP and rest of t...