Scenario:
Make: Cisco
Model: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Series
Mode: GUI [Graphical User Interface]
Version: ASA version 9.x or later, ASDM version 7.x or later
Description: This article walks through, step by step, how to route the traffic of one or more interface(s) or subnet(s) over the secondary (or any particular) ISP of the Cisco ASA. Here the Cisco ASA is connected to two ISPs, i.e. Primary and Secondary.
Let us suppose that the Cisco ASA has two internet links, “outside” and “outside1”. It has three client subnets or interfaces: “Desktop”, “Wireless-Clients” and “Voice-Phones”. We assume a redundant or backup link is already configured on the Cisco ASA.
Primary ISP => outside
Secondary ISP => outside1
Client subnets => Desktop, Wireless-Clients, Voice-Phones
We want to route the traffic of client subnets as shown below.
Desktop => outside
Wireless-Clients => outside
Voice-Phones => outside1
Solution
Step1: Configure Route map
Configure a route map for the secondary ISP. Follow the article attached below to configure the route map.
Once PBR is configured on the Cisco ASA, select the interface(s) or subnet(s) you want to route via the selected ISP. Follow the steps shown below.
If your internet service provider uses PPPoE or DHCP, follow the article on configuring PBR with a PPPoE link on Cisco ASA.
Step2: Interface
Select the interface or subnet you want to route over a selected ISP.
Step3: Select ISP
Select the ISP through which you would like to route the traffic. In this case we will route the interfaces over the Primary and Secondary ISPs as mentioned above. We have already created the PBR route map for the secondary ISP as “PBR_ISP_2”.
If no route map is selected, the traffic for that interface is routed over the primary internet line by default. We can use the same method to selectively route traffic via our preferred internet service provider.
For example, if we wanted to route Desktop, Wireless-Clients and Voice-Phones over the secondary ISP, we can set this the same way we set it for the “Voice-Phones” interface in the step above.
In this way, we can selectively route the traffic of a subnet or interface via a chosen internet line.
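The CLI equivalent of the GUI steps above, as an added example that is not from the original article: it binds the route map “PBR_ISP_2” to the “Voice-Phones” interface only and then checks the result. The ACL name, physical interface, client subnets, next-hop and destination addresses are constructed placeholders, and the `policy-route` interface command assumes ASA 9.4(1) or later.

```cisco
! Constructed values (assumptions): PBR_ACL_VOICE, GigabitEthernet1/4,
! 192.168.30.0/24 (Voice-Phones), 192.168.10.0/24 (Desktop),
! 198.51.100.1 (secondary ISP gateway), 203.0.113.10 (test destination).
!
! Match only traffic sourced from the Voice-Phones subnet.
access-list PBR_ACL_VOICE extended permit ip 192.168.30.0 255.255.255.0 any
!
! Route map for the secondary ISP: matched traffic is sent to the
! secondary ISP gateway, which is reachable through "outside1".
route-map PBR_ISP_2 permit 10
 match ip address PBR_ACL_VOICE
 set ip next-hop 198.51.100.1
!
! Bind the route map to the ingress interface that should use ISP 2.
interface GigabitEthernet1/4
 nameif Voice-Phones
 policy-route route-map PBR_ISP_2
!
! Desktop and Wireless-Clients get no policy-route line, so their traffic
! follows the routing table (default route via "outside", the primary ISP).
!
! Verification, run from privileged EXEC mode:
show policy-route
show route-map PBR_ISP_2
packet-tracer input Voice-Phones udp 192.168.30.10 5060 203.0.113.10 5060 detailed
packet-tracer input Desktop tcp 192.168.10.10 40000 203.0.113.10 443 detailed
```

In the packet-tracer results, the Voice-Phones flow should report `output-interface: outside1` and the Desktop flow `output-interface: outside`. A NAT rule and access policy toward “outside1” are assumed to exist already.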
Other Important Topics
- Policy Based Routing or PBR with PPPoE Link on Cisco ASA
- Policy Based Routing or PBR Configuration on Cisco ASA – GUI
- Configure Redundant or Backup ISP Link on Cisco ASA – CLI
- How to Configure VPN Between Microsoft Azure & Cisco ASA
- How to Configure SNMP on Cisco ASA 5500-X Firewalls
Source: Knowledge Base, Internet, Cisco
EA00155