[c-nsp] Source based routing with cisco asa 5510
Josh Horton
jhorton at blindhog.net
Fri Oct 12 10:02:28 EDT 2007
I've never tried it, but you might be able to accomplish this with a
static statement. Translate the internal IP address to the same IP
address. The int_load_balance interface is the interface connected to
the load balancer. My theory could be way off...but it is something to try.
static (inside,int_load_balance) 10.37.12.0 10.37.12.0 netmask 255.255.255.0
Jens Brey wrote:
> Hi all,
>
> Is it possible to set up source-based routing with a Cisco ASA 5510?
>
> In a router I would configure something like this:
>
> access-list 100 remark DEFAULT GATEWAY FOR LOADBALANCED TRAFFIC
> access-list 100 permit ip 10.37.12.0 0.0.0.255 any
>
> route-map LOADBALANCED_IPS permit 10
>  match ip address 100
>  set ip next-hop 10.10.38.1 (toward the loadbalancer)
>
> interface vlan12
>  ip address 10.37.12.1 255.255.255.0
>  ip policy route-map LOADBALANCED_IPS
>
>
> Background: I use an ASA 5510 between a transfer net to a load balancer, a
> service network and the public net.
> At the moment, the load balancer is the default gw, so all traffic from
> the load balancer goes back to the load balancer.
> Now I want to use the VPN features of the ASA, and so I want to change
> the default gw to the public net. But the returning
> traffic to the load balancer (which doesn't work in a proxy mode) must
> still pass through it, to keep the session table small
> (if the traffic doesn't pass the load balancer, it doesn't close the
> session, and the session table grows until the device crashes).
>
> Regards, Jens
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
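For the record, the ASA did get policy-based routing, but much later than this thread: it arrived in ASA 9.4(1), which the 5510 cannot run (that platform's software ends in the 9.1 train), so this applies to a 5512-X or later. The following is an added example, not configuration from either poster. It is the ASA equivalent of the IOS route-map quoted above; the interface names `inside` and `int_load_balance`, the physical interface `GigabitEthernet0/1`, and the SLA/track IDs are assumptions. Note that ASA ACLs take a subnet mask, not an IOS wildcard mask.

```cisco
! ASA 9.4(1)+ only. Added example; interface names and IDs are assumed.
! Packets entering on "inside" (the 10.37.12.0/24 service network) with a
! source in that subnet are sent to the load balancer instead of following
! the default route toward the public net.
access-list LOADBALANCED_IPS extended permit ip 10.37.12.0 255.255.255.0 any

! Only use the load balancer as next hop while it answers ICMP; if the
! probe fails the route-map is skipped and the normal routing table applies.
sla monitor 1
 type echo protocol ipIcmpEcho 10.10.38.1 interface int_load_balance
 frequency 5
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability

route-map LOADBALANCED_IPS permit 10
 match ip address LOADBALANCED_IPS
 set ip next-hop verify-availability 10.10.38.1 1 track 1

! PBR is applied on the interface where the traffic enters the ASA,
! not on the interface it leaves through.
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map LOADBALANCED_IPS
```

One caveat for the VPN use case described in the question: because the ACL matches on source address only, replies from the service network to VPN clients would also be steered to the load balancer. If the VPN pool is a known range (an assumption here), put a `deny` line for that destination ahead of the `permit` in the ACL, or match on destination as well, so that only traffic that arrived through the load balancer is returned to it.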