Default Route or Policy route

Posted on 2013-10-02
Medium Priority
Last Modified: 2013-10-24

I am trying to figure out how to send my voice traffic out the backup interface. Currently, when SIP is connected to our Server USEAMAX2k, it works over the backup interface, but sends the RTP traffic over the outside interface. I need that traffic to go out the backup interface. Also, a static is configured using one of the assigned IPs of that interface. Would there be an issue with the static route? And should I use policy-based routing? Mind you, we are trying to set up Fonolo with Altigen Max2k Server. This may also affect users who are remote and have phones set up.

We have 2 ISPs set up on 1 ASA 5510.

static (Inside,Backup) X5.XXX.157.157 USEMAX2k netmask

object-group service Voice_Ports
 service-object udp eq sip
 service-object tcp-udp range 49664 49723
 service-object tcp eq 10025
 service-object tcp range 10027 10029
 service-object tcp eq 10032
 service-object tcp eq 10040
 service-object tcp eq 10050
 service-object tcp eq 10064
 service-object tcp range 10080 10081
 service-object tcp eq 5061
 service-object tcp eq h323
 service-object udp eq 10060
 service-object udp eq tftp
 service-object tcp eq sip
 service-object tcp source range 10000 10020 range 10000 10020
 service-object udp range 10000 10020
Question by:TreyCarr

Expert Comment

ID: 39543995
I'm not familiar with the specific traffic or applications, but I do know routing. If you want to force traffic of any kind over the backup interface, you have to use policy routing. But bear in mind that this does not force the return traffic to use that interface unless you control both ends of the link and use policy routing on the other side also.

Author Comment

ID: 39547222
OK, so would I need a routing statement to route the traffic out the backup interface?

ASA(config)#static (isp2,inside) 66.XXX.XXX.0 66.XXXXXX.0 netmask

I tried this command, and it did not work.

Accepted Solution

mikebernhardt earned 1500 total points
ID: 39547366
That's a static route. I'm not sure you can do policy routing in an ASA. Here's a document from a few years back that suggests a possible workaround for you. It's essentially allowing you to create different default routes based on the protocol, but it may not work for you.

Here are some other postings I found that may help you:

Author Comment

ID: 39597357
All, I couldn't complete this config without a router. I had to purchase a router to do what I needed to do. I am rewarding Mike the points.

Author Closing Comment

ID: 39597359
Mike helped me see the limitations of the ASA.
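
What the policy routing discussed in this thread can look like on a Cisco IOS router, as an added example that is not part of the original posts. The ACL and route-map names, the interface, and both addresses (documentation ranges) are assumptions; the ports are the UDP entries of the Voice_Ports group from the question.

```cisco
! Added example, not from the thread. Placeholders (assumed):
!   192.0.2.10   = inside address of the voice server
!   198.51.100.1 = next hop toward the backup ISP
!
! Classify voice traffic from the server. Ports are matched as
! destination ports, the same way the service-object lines in the
! Voice_Ports group do.
ip access-list extended VOICE-TRAFFIC
 permit udp host 192.0.2.10 any eq 5060
 permit udp host 192.0.2.10 any range 49664 49723
 permit udp host 192.0.2.10 any eq 10060
 permit udp host 192.0.2.10 any eq tftp
 permit udp host 192.0.2.10 any range 10000 10020
!
! Matching packets are sent to the backup ISP next hop instead of
! following the default route.
route-map VOICE-VIA-BACKUP permit 10
 match ip address VOICE-TRAFFIC
 set ip next-hop 198.51.100.1
!
! Packets that match no permit clause fall through the route-map and
! are forwarded by the normal routing table.
!
! Policy routing is applied where the traffic ENTERS the router,
! here the LAN-facing interface (interface name assumed).
interface GigabitEthernet0/0
 ip policy route-map VOICE-VIA-BACKUP
```

This only steers the outbound direction. As the expert comment notes, return traffic takes whatever path the far side chooses.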
