[c-nsp] Source based routing with cisco asa 5510
Jens Brey
jens at chaos-co.de
Thu Oct 11 19:03:09 EDT 2007
Hi all,
is it possible to set up source-based routing with a Cisco ASA 5510?
In a router I would configure something like this:
access-list 100 remark DEFAULT GATEWAY FOR LOADBALANCED TRAFFIC
access-list 100 permit ip 10.37.12.0 0.0.0.255 any
!
route-map LOADBALANCED_IPS permit 10
 match ip address 100
 ! next hop toward the loadbalancer
 set ip next-hop 10.10.38.1
!
interface vlan12
 ip address 10.37.12.1 255.255.255.0
 ip policy route-map LOADBALANCED_IPS
Background: I use an ASA 5510 between a transfer net to a loadbalancer, a
service network and the public net.
At the moment the loadbalancer is the default gateway, so all traffic from
the loadbalancer goes back to the loadbalancer.
Now I want to use the VPN features of the ASA, so I want to change
the default gateway to the public net. But the returning
traffic must still pass through the loadbalancer (which doesn't work in
proxy mode), to keep the session table small
(if the traffic doesn't pass through the loadbalancer, it doesn't close the
session, and the session table grows until the device crashes).
Regards, Jens
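As an added illustration (not part of Jens's post and not Cisco code), the Python model below reproduces how a router evaluates the route-map from the post: the extended ACL is checked with IOS wildcard-mask semantics, the route-map entries are walked in sequence order, and only a matching "permit" entry with a "set ip next-hop" overrides the routing table. It goes slightly beyond the post by also showing what a matching "deny" entry and a non-matching packet do (both fall back to normal routing). The public-net gateway 203.0.113.1 and the test addresses are constructed placeholders.

```python
"""Model of IOS-style policy-based routing (PBR) evaluation.

Not Cisco code: it only mirrors the decision order (ACL first-match,
route-map sequence order, permit/deny, set next-hop) so the effect of the
configuration in the post can be checked offline.
"""
import ipaddress


def _to_int(dotted):
    """Dotted-quad IPv4 string to integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: a 0 bit in the wildcard must match, a 1 bit
    is ignored, so '10.37.12.0 0.0.0.255' covers 10.37.12.0/24."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(network) & care)


def _operand_match(addr, operand):
    """An ACL operand is either the keyword 'any' or a (network, wildcard) pair."""
    if operand == "any":
        return True
    network, wildcard = operand
    return wildcard_match(addr, network, wildcard)


def acl_permits(acl, src, dst):
    """First matching ACE decides; an ACL with no matching entry implicitly denies."""
    for action, src_op, dst_op in acl:
        if _operand_match(src, src_op) and _operand_match(dst, dst_op):
            return action == "permit"
    return False


def policy_next_hop(route_map, acls, src, dst, table_next_hop):
    """Walk route-map entries in sequence order.

    A 'permit' entry whose match clause succeeds applies its set clause.
    A 'deny' entry that matches, a 'permit' entry without a set clause,
    or no match at all leaves the packet to the normal routing table.
    """
    for entry in sorted(route_map, key=lambda e: e["seq"]):
        if acl_permits(acls[entry["match"]], src, dst):
            if entry["action"] == "permit" and "next_hop" in entry:
                return entry["next_hop"]
            return table_next_hop
    return table_next_hop


# Constructed policy mirroring the post's configuration.
ACLS = {
    100: [("permit", ("10.37.12.0", "0.0.0.255"), "any")],
}
ROUTE_MAP = [
    {"seq": 10, "action": "permit", "match": 100, "next_hop": "10.10.38.1"},
]
# Assumed default gateway toward the public net (placeholder, not from the post).
PUBLIC_GW = "203.0.113.1"


def classify(src, dst):
    """Next hop chosen for a packet entering interface vlan12 under the post's policy."""
    return policy_next_hop(ROUTE_MAP, ACLS, src, dst, PUBLIC_GW)


if __name__ == "__main__":
    # Service-network host replies go back via the loadbalancer; anything
    # else follows the routing table toward the public net.
    for src in ("10.37.12.45", "10.37.13.5"):
        print(src, "->", classify(src, "198.51.100.7"))
```

The point of the model is the asymmetry the post is worried about: only packets sourced from 10.37.12.0/24 are steered to 10.10.38.1, so the loadbalancer sees both directions of those sessions and can close them, while VPN and other traffic is free to use the public-net gateway.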