2023年7月4日发(作者：)

CiFico ASA Seriesewall 策略路由配置

s

r精品资料

Cisco ASA Series Firewall 策略路由配置

First, we need to configure interfaces.

ciscoasa(config)# interface GigabitEthernet0/0

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif inside

ciscoasa(config-if)# ip address 10.1.1.1 255.255.255.0

ciscoasa(config)# interface GigabitEthernet0/1

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif outside-1

ciscoasa(config-if)# ip address 192.168.6.5 255.255.255.0

ciscoasa(config)# interface GigabitEthernet0/2

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif outside-2

ciscoasa(config-if)# ip address 172.16.7.6 255.255.255.0

Then, we need to configure an access-list for matching the traffic.

ciscoasa(config)# access-list acl-1 permit ip 10.1.0.0 255.255.0.0

ciscoasa(config)# access-list acl-2 permit ip 10.2.0.0 255.255.0.0

We need to configure a route-map by specifying the above access-list as

match criteria along with the required set actions.

仅供学习与交流，如有侵权请联系网站删除 谢谢2 精品资料

ciscoasa(config)# route-map equal-access permit 10

ciscoasa(config-route-map)# match ip address acl-1

ciscoasa(config-route-map)# set ip next-hop 192.168.6.6

ciscoasa(config)# route-map equal-access permit 20

ciscoasa(config-route-map)# match ip address acl-2

ciscoasa(config-route-map)# set ip next-hop 172.16.7.7

ciscoasa(config)# route-map equal-access permit 30

ciscoasa(config-route-map)# set ip interface Null0

Now, this route-map has to be attached to an interface.

ciscoasa(config)# interface GigabitEthernet0/0

ciscoasa(config-if)# policy-route route-map equal-access

To display the policy routing configuration.

ciscoasa(config)# show policy-route

Interface Route map

GigabitEthernet0/0 equal-access

仅供学习与交流，如有侵权请联系网站删除 谢谢3