• Status: Solved

Cisco ASA - Route Traffic to Specific Interface

I have a Cisco ASA 5510 that is protecting 2 WAN connections for my business (detailed diagram attached). 1 WAN connection goes to the public Internet. The other WAN connection goes to our corporate network, which also provides access to the Internet.

Internally, I use a proxy server to guide proper traffic from workstations to the corporate network, so essentially, all traffic to the corporate network comes from one device. We need to route some Internet-accessible addresses through the corporate network for access-control and monitoring reasons.

What is the best way to force all traffic from my proxy server to route properly over the corporate network interface?

The ASA is running v8.3(2). I have tried a reverse-NAT for the corporate router, access-control rules, and a thousand other things. I'm totally fried and at a loss. Thanks for the help!
network.jpg
grantsewell
Asked:
 
ffleisma Commented:
Consider policy-based routing (PBR), wherein you may want to change the next-hop IP for certain criteria you specify.

A link below shows a scenario slightly similar to yours:

https://supportforums.cisco.com/message/3026041

Hope this helps :-)
 
ffleisma Commented:
Seems the solution is for a router; I'm not familiar, though, with whether the ASA is capable of PBR. Sorry about that.
 
grantsewell (Author) Commented:
You cannot set the next hop in a route map on an ASA. :-/
 
BooSTid Commented:
Just so I understand... You have traffic coming in the internet router that you want to route behind the corporate router, but still pass through the firewall?
 
grantsewell (Author) Commented:
No, sorry.

The Internet router will be the default route.

The corporate router will receive traffic that may be Internet-routable as well, which is why it needs to be forced through that interface. We access some destinations which are locked down to the company's Internet gateway, not our local one. This is why I use the proxy server to concentrate all the traffic.

Does that make sense?
 
Donboo Commented:
The Internet addresses you need to route through the corporate router: are they known in advance, or do these change?
 
grantsewell (Author) Commented:
Yes, but I would prefer to not have to specify individual addresses, as I have already configured them in the proxy server. Two configurations are too much of a hassle.

It seems like if I want to be able to have two gateways, the best option is to use another ASA to dedicate for this connection.
 
Donboo Commented:
It does seem like it, since you'd still need to configure the IP route on the ASA as long as all traffic from your proxy, and not only the traffic you want to route differently, hits it.
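
Added example, not part of the thread and not any poster's or Cisco's code: the ASA chooses the egress interface by longest-prefix match on the destination only, so the static routes discussed above can be generated from the proxy's destination list rather than maintained by hand in two places. The interface names `corp` and `outside`, the gateway address, and the sample prefixes (documentation ranges) are assumptions.

```python
import ipaddress

# Assumptions for illustration (not from the thread): the ASA interface facing
# the corporate router is named "corp", its next hop is 192.0.2.1, the Internet
# interface is named "outside", and the proxy's list of corporate-only
# destinations can be exported as CIDR strings.
CORP_IF = "corp"
CORP_GW = "192.0.2.1"

# Constructed sample export; documentation ranges only.
PROXY_DESTINATIONS = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the line above, merges into one /24
    "203.0.113.40/32",
    "203.0.113.40",        # duplicate written as a bare host address
]


def corporate_networks(entries):
    """Parse, de-duplicate and merge the proxy's entries into minimal prefixes."""
    nets = [ipaddress.ip_network(e.strip(), strict=False) for e in entries]
    return list(ipaddress.collapse_addresses(nets))


def asa_route_commands(entries, ifname=CORP_IF, gateway=CORP_GW):
    """Emit one ASA static route per merged prefix: route <if> <net> <mask> <gw>."""
    return [
        f"route {ifname} {n.network_address} {n.netmask} {gateway}"
        for n in corporate_networks(entries)
    ]


def egress_interface(dest, entries, default_if="outside"):
    """Model the lookup: the most specific matching route wins; the source is ignored."""
    addr = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_if)]
    table += [(n, CORP_IF) for n in corporate_networks(entries)]
    matches = [(n.prefixlen, ifname) for n, ifname in table if addr in n]
    return max(matches)[1]


if __name__ == "__main__":
    print("\n".join(asa_route_commands(PROXY_DESTINATIONS)))
    for d in ("198.51.100.200", "203.0.113.40", "203.0.113.41"):
        print(d, "->", egress_interface(d, PROXY_DESTINATIONS))
```

Because the lookup ignores the source address, any host behind the ASA that reaches a listed destination also leaves via the corporate interface, so access rules on that interface should still limit it to the proxy.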