12-12-2013 08:25 AM
Good Morning,
I am experiencing some issues when traffic from my internal network needs to pass through an ASA 5510 and then be forwarded to a particular DSL. In my ASA I have three interfaces: an internal one and two public interfaces. I have a default route to pass traffic through one of the public interfaces. Then there are static routes to forward traffic through the other public interface. The packets that go through these public interfaces go to two DSLs.
I want to add another VLAN to my network and add a new DSL for that VLAN. I want to then forward traffic through the ASA and then to the new DSL. The ASA 5510 doesn't do policy-based routing. What is the alternative solution for policy-based routing on the ASA 5510?
12-12-2013 12:23 PM
Hi,
I think the only option with the ASA itself is to have it running at minimum one of the latest 8.4 releases or some 9.x software.
This will enable you to use NAT to manipulate the egress interface which is chosen for particular traffic. For example you can take traffic from all networks behind one interface and forward it all through a particular WAN interface on the ASA.
Naturally this will create a NAT configuration which is more complex and requires more thought to set up, depending on how complex the actual network setup is.
But essentially a "PBR like" solution is possible with the new NAT.
But you have to be running a pretty new software that uses the new NAT format.
- Jouni
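A sketch of the NAT-based egress selection described in the reply above, added here as an example and not taken from either poster's configuration. The interface names (`vlan30`, `dsl3`), the 10.30.0.0/24 subnet and the 203.0.113.1 next hop are assumed placeholder values.

```cisco
! Added example; all names and addresses below are assumptions.
! Requires the 8.4+/9.x NAT syntax mentioned in the reply.

! Source network: the new VLAN behind its own (sub)interface
object network VLAN30-NET
 subnet 10.30.0.0 255.255.255.0

! The whole IPv4 space split into two halves, so the rule carries
! an explicit destination instead of "any"
object network ALL-LOW
 subnet 0.0.0.0 128.0.0.0
object network ALL-HIGH
 subnet 128.0.0.0 128.0.0.0

! Twice NAT with a destination clause: traffic from vlan30 is
! PAT-ed to the dsl3 interface address, and the rule's mapped
! interface (dsl3) is used as the egress interface
nat (vlan30,dsl3) source dynamic VLAN30-NET interface destination static ALL-LOW ALL-LOW
nat (vlan30,dsl3) source dynamic VLAN30-NET interface destination static ALL-HIGH ALL-HIGH

! Backup default route with a higher metric so the ASA can resolve
! a next hop on dsl3; the existing default route stays preferred
! for all other traffic
route dsl3 0.0.0.0 0.0.0.0 203.0.113.1 254

! Check which egress interface and NAT rule a flow would hit:
!   packet-tracer input vlan30 tcp 10.30.0.10 12345 198.51.100.10 80
```

These manual NAT rules sit in section 1 and are evaluated top-down before object NAT, so any more specific rules for the same source (for example NAT exemption towards VPN or other internal networks) must be placed above them.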
12-17-2013 12:14 PM
If I create a subinterface and I have an IP address configured for the network, I can create a NAT statement with the egress command. Do you have a sample configuration?