Solved

Cisco ASA - Route Traffic to Specific Interface

Posted on 2010-09-10
Last Modified: 2012-05-10
I have a Cisco ASA 5510 that is protecting 2 WAN connections for my business (detailed diagram attached). 1 WAN connection goes to the public Internet. The other WAN connection goes to our corporate network, which also provides access to the Internet.

Internally, I use a proxy server to guide proper traffic from workstations to the corporate network, so essentially, all traffic to the corporate network comes from one device. We need to route some Internet-accessible addresses through the corporate network for access-control and monitoring reasons.

What is the best way to force all traffic from my proxy server to route properly over the corporate network interface?

The ASA is running v8.3(2). I have tried a reverse-NAT for the corporate router, access-control rules, and a thousand other things. I'm totally fried and at a loss. Thanks for the help!
network.jpg
Question by:grantsewell
8 Comments
 
LVL 9

Expert Comment

by:ffleisma
ID: 33646069
Consider policy-based routing (PBR), wherein you may want to change the next-hop IP for certain criteria you specify.

The link below shows a scenario slightly similar to yours:

https://supportforums.cisco.com/message/3026041

Hope this helps :-)
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33646171
It seems the solution is for a router; I'm not familiar, though, with whether the ASA is capable of PBR. Sorry about that.
0
 
LVL 7

Author Comment

by:grantsewell
ID: 33646793
You cannot set the next hop in a route map on an ASA. :-/
0
 
LVL 5

Expert Comment

by:BooSTid
ID: 33647342
Just so I understand... You have traffic coming in the internet router that you want to route behind the corporate router, but still pass through the firewall?
0
 
LVL 7

Author Comment

by:grantsewell
ID: 33647383
No, sorry.

The Internet router will be the default route.

The corporate router will receive traffic that may be Internet-routable as well, which is why it needs to be forced through that interface. We access some destinations which are locked down to the company's Internet gateway, not our local one. This is why I use the proxy server to concentrate all the traffic.

Does that make sense?
0
 
LVL 9

Expert Comment

by:Donboo
ID: 33686157
The Internet addresses you need to route through the corporate router: are they known in advance, or do they change?
0
 
LVL 7

Accepted Solution

by:
grantsewell earned 0 total points
ID: 33696089
Yes, but I would prefer to not have to specify individual addresses, as I have already configured them in the proxy server. Two configurations are too much of a hassle.

It seems like if I want to be able to have two gateways, the best option is to use another ASA to dedicate for this connection.
0
 
LVL 9

Expert Comment

by:Donboo
ID: 33700253
It does seem like it, since you'd still need to configure the IP route on the ASA as long as all traffic from your proxy, and not only the traffic you want to route differently, hits it.
0
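The per-destination IP routes Donboo mentions can be generated from the same destination list the proxy already uses, so the addresses are maintained in one place. This is an added example, not part of the thread; the interface name `corporate`, the next hop `10.0.0.1` and the documentation-range destinations are constructed placeholders.

```python
import ipaddress


def asa_static_routes(destinations, ifname, gateway, distance=1):
    """Build ASA 'route' commands that send each destination out one interface.

    destinations: iterable of IPv4 hosts or CIDR networks (blank lines and
                  '#' comments are skipped), e.g. exported from the proxy.
    ifname:       ASA interface name (nameif) facing the corporate router.
    gateway:      next-hop address of the corporate router.
    """
    gw = ipaddress.IPv4Address(gateway)
    nets = []
    for entry in destinations:
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        # strict=False accepts host bits (198.51.100.7/24 -> 198.51.100.0/24)
        net = ipaddress.IPv4Network(entry, strict=False)
        if net.prefixlen == 0:
            # A 0.0.0.0/0 entry would compete with the Internet default route.
            raise ValueError("refusing default route in destination list")
        nets.append(net)
    # Merge adjacent and duplicate networks so the ASA gets the fewest routes.
    merged = ipaddress.collapse_addresses(nets)
    return [
        f"route {ifname} {n.network_address} {n.netmask} {gw} {distance}"
        for n in merged
    ]


# Constructed sample list (RFC 5737 documentation ranges).
SAMPLE = [
    "# destinations locked to the corporate gateway",
    "198.51.100.0/25",
    "198.51.100.128/25",
    "203.0.113.7",
    "203.0.113.7/32",
]

if __name__ == "__main__":
    for line in asa_static_routes(SAMPLE, "corporate", "10.0.0.1"):
        print(line)
```

These are destination-based routes, so they apply to any inside host reaching those networks through the ASA, not only the proxy.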
