Model: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Series
Mode: GUI & CLI
Version: ASA version 9.x or later, ASDM version 7.x or later
Description: In this article, we will discuss the stepwise method of how to configure Policy Based Routing/PBR on Cisco ASA Firewalls. PBR is used to route the traffic on different criteria. Refer to the article to know the steps to Configure Redundant or Backup Links on Cisco ASA & Configure IP SLA on Cisco ASA Firewalls.
Policy Based Routing [PBR]
PBR [Policy Based Routing] can define routing based on criteria other than destination network—PBR lets you route traffic based on source address, source port, destination address, destination port, protocol, or a combination of these. Policy Based Routing can implement QoS by classifying and marking traffic at the network edge, and then using PBR throughout the network to route marked traffic along a specific path.
In this article, we will discuss the PBR configuration on an ASA with ISP where we will not use BGP settings.
Login to the ASA using username and password through ASDM.
Step2: Route Map
Navigate to Route Map and then click “Add”. Follow the steps shown in the image below.
Step2a: Match Clause
Name the route map and define the sequence. Also, create the access list for the route policy.
Step2b: Set Clause
You could leave the settings here as default settings unless you need to change them.
Step2c: BGP Match Clause
If you are using BGP then configure the options as per requirement, else leave the setting as default if you are not using BGP.
Step2d: BGP Set Clause
Fill in the details as per requirement for BGP and move to the next tab.
Step2e: Policy Based Routing
Fill in the next hop IP address [typically the next hop address of the WAN IP]. Follow the steps shown below in the image.
You could not use this PBR policy to route the traffic in a customized way depending upon interface, source and/or destination.
Other Important Topics on ASA
- Cisco ASA Firewall Logging/Syslog Types & Configuration [GUI]
- Cisco ASA Logging/Syslog Time Sync Issue
- Configure Redundant or Backup WAN/ISP Link on Cisco ASA – GUI
- How to Configure SNMP on Cisco ASA 5500-X Firewalls
- Add Static ARP or MAC Binding on Cisco ASA Firewall
Source: Cisco, Knowledge Base, Internet