I never said to do policy routing on the ASA.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: A 1 [mailto:[email protected]]
Sent: Thursday, November 18, 2010 11:59 AM
To: Tyson Scott
Cc: --Hammer--; [email protected]
Subject: Re: [OSL | CCIE_RS] DUAL homed

Thanks Tyson,

As outgoing traffic is routed via firewall ASA and ASA does not support policy based routing..

On Tue, Nov 16, 2010 at 5:09 PM, Tyson Scott <[email protected]> wrote:

Connect the new ISP to the active HSRP device. Policy route the traffic at that point. Unless these are some seriously high speed bandwidth interfaces, which I am assuming not since you are coming to us for support, you should be fine having the two connections on one router.

Regards,

Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of --Hammer--
Sent: Tuesday, November 16, 2010 10:01 AM
To: 'A 1'
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] DUAL homed

So we are only halfway there. This really depends on how radical you want to go. You could always fire up a second network. Trunk it, dual NICs, etc. NAT it back at the edge routers to a public address. I mean, there are several ways to do it but there is an ugliness factor to contend with. How ugly do you want to make it?

--Hammer

"I was a normal American nerd." -Jack Herer

From: A 1 [mailto:[email protected]]
Sent: Tuesday, November 16, 2010 8:56 AM
To: --Hammer--
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] DUAL homed

I can apply the PBR for outgoing traffic the firewall ASA does not support source based routing.

Regards
M

On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote:

Ok, I try not to speak up on technical stuff because there are far smarter people on this thread than me, but why can't you do PBR on the routers for this? This new application is going to have a unique IP address, right? So why can't you write some route maps for the IP address of the application and PBR it to the right circuit? Am I missing something?

--Hammer

From: [email protected] [mailto:[email protected]] On Behalf Of A 1
Sent: Monday, November 15, 2010 12:07 PM
To: [email protected]
Subject: Re: [OSL | CCIE_RS] DUAL homed

On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote:

Hello,

My apologies if I put this request in the wrong section. Can anyone help me out?

I have two ISP routers (from the same company) working as a primary and secondary (HSRP) and all our network outbound is using this HSRP address. There is an ASA firewall behind these routers.

I have a requirement for a portal application having a couple of servers that reside in the firewall DMZ, which should pass through a new circuit (ISP), i.e. only portal servers should use this new ISP circuit.

How can I do that? One solution that I was thinking to

- enable static NAT (with the ISP provided IP with local IP at DMZ for all servers)
- source based routing, but there is no policy based routing supported by ASA
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr

My preference is not to use BGP.

Regards
M
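
The approach suggested in the replies above (terminate the new circuit on the active HSRP router and policy-route the portal servers there, not on the ASA), sketched as an added Cisco IOS example that is not from any poster in the thread. It assumes the ASA static-NATs the portal servers to ISP-provided addresses, so the router matches the translated source addresses; all addresses are constructed from documentation ranges, and the interface, ACL and route-map names are hypothetical.

```cisco
! --- Added example; constructed values, not from the thread ---
! 203.0.113.10-11    portal servers as seen after ASA static NAT (assumed)
! 198.51.100.1       next hop on the new ISP circuit (assumed)
! GigabitEthernet0/1 router interface facing the ASA outside (assumed)
! GigabitEthernet0/2 router interface on the new ISP circuit (assumed)

! Probe the new ISP next hop so the policy is only used while it answers.
! (Keyword spelling for IP SLA tracking varies by IOS release.)
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Match only the portal servers' translated source addresses.
ip access-list extended PORTAL-SERVERS
 permit ip host 203.0.113.10 any
 permit ip host 203.0.113.11 any
!
! Send matching traffic to the new ISP while track 1 is up.
! Everything else, and portal traffic while the track is down,
! follows the normal routing table.
route-map PORTAL-VIA-NEW-ISP permit 10
 match ip address PORTAL-SERVERS
 set ip next-hop verify-availability 198.51.100.1 10 track 1
!
! PBR is applied inbound on the interface where the traffic arrives
! from the ASA, not on the ISP-facing interface.
interface GigabitEthernet0/1
 ip policy route-map PORTAL-VIA-NEW-ISP
!
! Verification:
!   show ip policy
!   show route-map PORTAL-VIA-NEW-ISP   (policy-routed packet counters)
!   show track 1
```

When the track is down, portal traffic leaves through the original ISP while still carrying the new ISP's source addresses, so it may be dropped by that provider's source-address filtering. The same route-map would also be needed on the standby HSRP router if it has its own path to the new circuit.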
