Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

CISCO Static Routing

Hi,

We have CISCO ASA 3750 L3 Switch and we want to do load balancing across to Internet lines.  The issue that I have is that we have 1-to1 NATs for some of our devices on the network and I know that we cannot have them go out both Internet lines

How can I create a static route to the firewall that has the NAT policies for those devices

for example:

device 192.168.1.1 needs its routes of last resort to go to 192.168.72.253

Thank you in advance
0
thomasm1948
Asked:
thomasm1948
  • 6
  • 3
1 Solution
 
thomasm1948Author Commented:
would something like this work and still allow the device to all of my other VLANS

access-list 1 permit 192.168.1.1

route-map NatGwy permit 1
set up next-hop 192.168.72.253

ip policy route-map NatGwy

I am not sure but I think policy based routing might work.  any ideas?
0
 
thomasm1948Author Commented:
After reading I think I might have to do this , but I am unsure

access-list 1 deny ip host 192.168.1.1 192.168.72.254 255.255.255.255 (new router gateway)
access-list 1 permit 192.168.1.1 any (allowing the host to have access to the other VLANs

 route-map NatGwy permit 1
 set up next-hop 192.168.72.253 (original gateway with the NAT policies)

 ip policy route-map NatGwy

Still unsure though
0
 
Craig BeckCommented:
The ASA doesn't do PBR; only redundant links/routing.

The 3750 doesn't do NAT.

Either way, you probably won't get what you want unless you use a proper router upstream from the ASA on the outside.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
thomasm1948Author Commented:
Hi,

Sorry used some wrong terminology.  The 3750 is our core L3 switch in which currently the last resort route goes to 0.0.0.0 0.0.0.0 192.168.72.253

We got a new Internet line in and the school would like to load balance between them.  The issue that I see is there is static NAT policies on their Pix firewall.  If I do load balancing then those devices such a web portal is not going to work correctly being that the traffic could possibly go out the new pix firewall
0
 
Craig BeckCommented:
Ok, so load balancing is easy.  Just configure a second static route on the 3750 pointing to the new gateway and use the same metric.

You're right - static NAT will be a problem.  Where is your web portal?  Is it on your LAN but accessible from the internet?  If so, that's not going to work too well.  You will only be able to send that portal's traffic through one line at a time or it will break traffic, especially if it runs HTTPS.
0
 
thomasm1948Author Commented:
How can I route a single device through only one line and then have the rest do load balancing on the 3750.
0
 
thomasm1948Author Commented:
The web portal is on the LAN and is accessible for the teacher and students outside of the network
0
 
Craig BeckCommented:
0
 
thomasm1948Author Commented:
does the 3750 support that.  If so would my idea above work then
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now