
EXOS Lose Internal Access After Applying Policy Based Routing

Ty_Kolff
New Contributor II
We are trying to route traffic from a particular server out an ASA firewall. We are moving from a Cisco core where we had the following in place:

ip access-list extended PBR-ASA
 permit ip host 10.10.34.54 any
!
route-map ASA-MAP permit 10
 match ip address PBR-ASA
 set ip default next-hop 10.10.0.3

The behavior on the Cisco was basically to set the 0.0.0.0 route for that particular server to point to the ASA (10.10.0.3), but it still seemed to use all other routes internally so internal connectivity was just fine.

We have tried the following, but when we apply this we lose internal access to the Server (10.10.34.54):

entry PBR-ASA {
    if match all {
        source-address 10.10.34.54/32;
    }
    then {
        redirect 10.10.0.3;
        count pbr-asa;
    }
}

I was applying this Access-List to the vlan that this server belonged to:

configure access-list PBR-ASA vlan VLAN305 ingress

We only want this server to redirect to 10.10.0.3 for its external access. Any ideas on how to achieve this?

Thanks!
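
Added example, not part of the original post: a small Python model of the two forwarding decisions described above, showing why a redirect that matches only on source address also captures the server's internal traffic while Cisco's `set ip default next-hop` does not. The routing table, the 10.0.0.0/8 internal range and the exemption rule are assumptions for illustration; only 10.10.0.3 and 10.10.34.54 come from the post.

```python
import ipaddress

# Constructed routing table: only 10.10.0.3 and 10.10.34.54 come from the post;
# every prefix and the other next hops are assumptions for illustration.
ROUTES = {"10.10.34.0/24": "direct", "10.10.20.0/24": "10.10.0.1",
          "0.0.0.0/0": "10.10.0.254"}
ASA, SERVER = "10.10.0.3", "10.10.34.54"
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

def lookup(dst, use_default=True):
    """Longest-prefix match over ROUTES; returns the next hop or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not use_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def default_next_hop(src, dst):
    """Cisco 'set ip default next-hop': the policy hop applies only when no
    explicit (non-default) route covers the destination."""
    if src != SERVER:
        return lookup(dst)
    return lookup(dst, use_default=False) or ASA

def redirect_on_source(src, dst):
    """Entry matching on source address only, action redirect: every packet
    from the server goes to the ASA, internal destinations included."""
    return ASA if src == SERVER else lookup(dst)

def redirect_with_exemption(src, dst):
    """Hypothetical first-match list: an earlier entry lets internal
    destinations fall through to normal routing, the rest is redirected."""
    if src == SERVER and ipaddress.ip_address(dst) not in INTERNAL:
        return ASA
    return lookup(dst)

if __name__ == "__main__":
    for dst in ("10.10.20.7", "203.0.113.10"):  # internal host, external host
        print(dst, default_next_hop(SERVER, dst), redirect_on_source(SERVER, dst),
              redirect_with_exemption(SERVER, dst))
```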
14 REPLIES

Ty_Kolff
New Contributor II
I haven't had a chance to test this yet. I will be circling back to this in about a week and a half and let you know the results.

Great, thank you.

Henrique
Extreme Employee
Interesting case... Just curious... Did you try to trace to and from the server to check the path?

Hi Erik, understood. Thanks for the explanation from Cisco side. 