Behind the ISP router I have a firewall, but the firewall does not support
policy based routing.
         ---------- router3 ( new isp )
firewall ---------- router2 ( old isp )
         ---------- router1 ( old isp )
Router 1 and router 2 are running HSRP and have a default route from the
firewall for outgoing traffic for the HSRP address. I can NAT for incoming
traffic from router3, but for outgoing traffic ???
Regards
M
On Tue, Nov 16, 2010 at 10:00 AM, --Hammer-- <[email protected]> wrote:
> So we are only halfway there.
>
> This really depends on how radical you want to go. You could always fire up
> a second network. Trunk it, dual NICs, etc. NAT it back at the edge routers
> to a public address. I mean, there are several ways to do it but there is an
> ugliness factor to contend with. How ugly do you want to make it?
>
> --Hammer
>
> "I was a normal American nerd."
> -Jack Herer
>
>
>
> *From:* A 1 [mailto:[email protected]]
> *Sent:* Tuesday, November 16, 2010 8:56 AM
> *To:* --Hammer--
> *Cc:* [email protected]
>
> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>
>
>
> I can apply the PBR for outgoing traffic the firewall ASA does not
> support source based routing.
>
>
>
> Regards
>
> M
>
> On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote:
>
> Ok, I try not to speak up on technical stuff because there are far smarter
> people on this thread than me but why can’t you do PBR on the routers for
> this? This new application is going to have a unique IP address right? So
> why can’t you write some route maps for the IP address of the application
> and PBR it to the right circuit? Am I missing something?
>
> --Hammer
>
> "I was a normal American nerd."
> -Jack Herer
>
>
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *A 1
> *Sent:* Monday, November 15, 2010 12:07 PM
>
>
> *To:* [email protected]
>
> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>
> On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote:
>
> Hello,
>
>
>
> My apologies if I put this request in the wrong section.
>
>
>
> Can anyone help me out? I have two ISP routers (from the same company)
> working as a primary and secondary (HSRP), and all our network outbound is
> using this HSRP address. There is an ASA firewall behind these routers. I
> have a requirement that a portal application, which has a couple of servers
> that reside in the firewall DMZ, should pass through a new circuit (ISP),
> i.e. only the portal servers should use this new ISP circuit. How can I do
> that? One solution that I was thinking of:
>
> - enable static NAT (with the ISP provided IP with local IP at DMZ for all
> servers)
>
> - source based routing
>
>
>
> but there is no policy based routing supported by the ASA
>
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr
>
>
>
> My preference is not to use BGP
>
> Regards
>
> M
>
>
>
>
>
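The router-side PBR idea raised in the thread, sketched as an added Cisco IOS example (not configuration posted by anyone in the thread). It assumes the ASA outside interface and all three routers share one LAN segment and that the ASA static-NATs the portal servers to new-ISP addresses; every address and the interface name are constructed placeholders.

```cisco
! Constructed addresses (documentation ranges), all assumptions:
!   192.0.2.0/24     shared LAN between the ASA outside interface and the routers
!   192.0.2.1        ASA outside interface
!   192.0.2.3        router3 (new ISP) on that LAN
!   203.0.113.10-11  new-ISP addresses the ASA static-NATs the portal servers to
!
! --- router1 and router2 (same config on both: either can be HSRP active) ---
ip access-list extended PORTAL-SERVERS
 permit ip host 203.0.113.10 any
 permit ip host 203.0.113.11 any
!
route-map PORTAL-VIA-NEW-ISP permit 10
 match ip address PORTAL-SERVERS
 set ip next-hop 192.0.2.3
! No further route-map entry: packets that do not match are routed normally,
! so all other outbound traffic keeps using the old ISP.
!
interface GigabitEthernet0/1
 description LAN toward ASA outside (interface name is hypothetical)
 ip policy route-map PORTAL-VIA-NEW-ISP
!
! --- router3 ---
! Inbound traffic for the NATed portal addresses is handed straight to the ASA.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
ip route 203.0.113.11 255.255.255.255 192.0.2.1
```

`show ip policy` and `show route-map PORTAL-VIA-NEW-ISP` on router1 and router2 confirm the policy is attached and show whether packets are matching it.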