So we are only halfway there.
This really depends on how radical you want to go. You could always fire up a second network. Trunk it, dual NICs, etc. NAT it back at the edge routers to a public address. I mean, there are several ways to do it but there is an ugliness factor to contend with. How ugly do you want to make it? --Hammer "I was a normal American nerd." -Jack Herer From: A 1 [mailto:[email protected]] Sent: Tuesday, November 16, 2010 8:56 AM To: --Hammer-- Cc: [email protected] Subject: Re: [OSL | CCIE_RS] DUAL homed I can apply the PBR for outgoing traffic the firewall ASA does not support source based routing. Regards M On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote: Ok, I try not to speak up on technical stuff because there are far smarter people on this thread than me but why can't you do PBR on the routers for this? This new application is going to have a unique IP address right? So why can't you write some route maps for the IP address of the application and PBR it to the right circuit? Am I missing something? --Hammer "I was a normal American nerd." -Jack Herer From: [email protected] [mailto:[email protected]] On Behalf Of A 1 Sent: Monday, November 15, 2010 12:07 PM To: [email protected] Subject: Re: [OSL | CCIE_RS] DUAL homed On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote: Hello, My apologies if I put this request in the wrong section. Can any one help me out .. I have two ISP routers( from the same company ) working as a primary and secondary ( HSRP ) and all our network outbound is using this HSRP address. There is an ASA firewall behind these routers. I have a requirement for a portal applcation having couple of servers that resides in firewall DMZ should pass through a new circuit ( ISP ) i.e only portal servers should use this new ISP circuit. How can I do that.. one solution that I was thinking to - enable static NAT (with the ISP provided IP with local IP at DMZ for all servers) - source based routing but there is no policy base routing supported by ASA http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item091 86a00805b87d8.shtml#pbr My preference is not to use BGP Regards M
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
