Policy Based Routing or PBR Configuration on Cisco ASA – GUI


Scenario:
Make: Cisco
Model: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Series
Mode: GUI [Graphical User Interface]
Version: ASA version 9.x or later, ASDM version 7.x or later
Description: This article walks through the steps to configure Policy Based Routing (PBR) on Cisco ASA firewalls. PBR is used to route traffic based on different criteria. Refer to the related articles for the steps to Configure Redundant or Backup Links on Cisco ASA and Configure IP SLA on Cisco ASA Firewalls.

Policy Based Routing [PBR]

PBR [Policy Based Routing] can define routing based on criteria other than the destination network. PBR lets you route traffic based on source address, source port, destination address, destination port, protocol, or a combination of these. Policy Based Routing can implement QoS by classifying and marking traffic at the network edge, and then using PBR throughout the network to route marked traffic along a specific path.

Configuration

In this article, we will discuss the PBR configuration on an ASA connected to an ISP, without using BGP settings.

Step1: Login
Log in to the ASA through ASDM using your username and password.

[Image: ASA ASDM Login]

Step2: Route Map
Navigate to Route Map and then click “Add”. Follow the steps shown in the image below.

[Image: cisco_asa_pbr]

Step2a: Match Clause
Name the route map and define the sequence. Also, create the access list for the route policy.

[Image: cisco_asa_pbr_match_clause]

Step2b: Set Clause
You can leave the settings here at their defaults unless you need to change them.

[Image: cisco_asa_pbr_set_clause]

Step2c: BGP Match Clause
If you are using BGP, configure the options as per requirement; otherwise, leave the settings at their defaults.

[Image: cisco_asa_bpr_bgp]

Step2d: BGP Set Clause
Fill in the details as per requirement for BGP and move to the next tab.

[Image: cisco_asa_pbr_bgp_set_clause]

Step2e: Policy Based Routing
Fill in the next hop IP address [typically the next hop address of the WAN IP]. Follow the steps shown below in the image.

[Image: cisco_asa_pbr_next_hop]

You can now use this PBR policy to route traffic in a customized way depending upon interface, source and/or destination.
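As an added check that is not part of the original article, the Python sketch below parses a constructed ASA running-config excerpt (the CLI form of the route map, match access list, next hop and interface binding set in the steps above) and reports route maps or access lists that are referenced but never defined. All object names, interface names and addresses in it are assumptions.

```python
import re

# Constructed sample (assumed names/addresses): CLI form of the ASDM steps.
SAMPLE_CONFIG = """\
access-list PBR_ACL extended permit ip 192.168.10.0 255.255.255.0 any
route-map PBR_MAP permit 10
 match ip address PBR_ACL
 set ip next-hop 203.0.113.1
route-map OLD_MAP permit 10
 match ip address MISSING_ACL
interface GigabitEthernet1/2
 policy-route route-map PBR_MAP
interface GigabitEthernet1/3
 policy-route route-map GONE_MAP
"""

def parse_pbr(config):
    """Return (ACL names, route-map clauses, interface -> route-map bindings)."""
    acls, maps, bindings, ctx = set(), {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):            # top-level line starts a new context
            ctx = None
            if m := re.match(r"access-list (\S+) ", line):
                acls.add(m.group(1))
            elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)", line):
                ctx = maps.setdefault(m.group(1), {}).setdefault(
                    int(m.group(3)), {"acls": [], "next_hops": []})
            elif m := re.match(r"interface (\S+)", line):
                ctx = m.group(1)
        elif isinstance(ctx, dict):             # inside a route-map clause
            if m := re.match(r" match ip address (.+)", line):
                ctx["acls"] += m.group(1).split()
            elif m := re.match(r" set ip next-hop (.+)", line):
                ctx["next_hops"] += m.group(1).split()
        elif isinstance(ctx, str):              # inside an interface section
            if m := re.match(r" policy-route route-map (\S+)", line):
                bindings[ctx] = m.group(1)
    return acls, maps, bindings

def audit_pbr(config):
    """List references to route maps or ACLs that the config never defines."""
    acls, maps, bindings = parse_pbr(config)
    findings = [f"{i}: undefined route-map {n}"
                for i, n in sorted(bindings.items()) if n not in maps]
    for name, clauses in sorted(maps.items()):
        for seq, clause in sorted(clauses.items()):
            findings += [f"route-map {name} seq {seq}: undefined ACL {a}"
                         for a in clause["acls"] if a not in acls]
    return findings
```

Run `audit_pbr()` on the text of an exported running configuration after making changes in ASDM to confirm that every interface binding and match clause points at an object that exists.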

Source: Cisco, Knowledge Base, Internet

EA00139
