Cisco Cisco ASA 5555-X Adaptive Security Appliance 产品宣传页

다음 예에서 경로 맵 평가는 (i) route-map 작업 permit 및 acl 작업 permit이 설정 작업에 적용됩니다. 
(ii) route-map 

작업 deny 및 acl 작업 permit이 일반적인 경로 조회로 건너뜁니다. (Iii) permit/deny 

route-map 

작업 및 acl 작업 deny가 다음 경로 맵 항목에 계속해서 작업을 수행합니다. 다음 경로 맵 

항목을 사용할 수 없는 경우, 일반 경로 조회를 대신 수행합니다.

ciscoasa(config)# route-map testmap permit 10

ciscoasa(config-route-map)# match ip address permit_acl_1 deny_acl_2

ciscoasa(config-route-map)# set ip next-hop 1.1.1.10

ciscoasa(config)# route-map testmap deny 20

ciscoasa(config-route-map)# match ip address permit_acl_3 deny_acl_4

ciscoasa(config-route-map)# set ip next-hop 2.1.1.10

ciscoasa(config)# route-map testmap permit 30

ciscoasa(config-route-map)# match ip address deny_acl_5

ciscoasa(config-route-map)# set interface outside

다음 예에서 여러 설정 작업이 구성된 경우 위에서 언급한 순서대로 평가됩니다. 설정 작업의 모

든 옵션이 평가되고 이를 적용할 수 없는 경우에만 다음 설정 작업이 고려됩니다. 이 순서에서는 

가장 사용하기 쉽고 가장 가까운 next hop이 처음에 시도된 다음 다음으로 사용하기 쉽고 덜 먼 
next hop

이 시도되며 이러한 순서로 계속 진행됩니다.

ciscoasa(config)#route-map testmap permit 10

ciscoasa(config-route-map)# match ip address acl_1

ciscoasa(config-route-map)# set ip next-hop verify-availability 1.1.1.10 1 track 1

ciscoasa(config-route-map)# set ip next-hop verify-availability 1.1.1.11 2 track 2

ciscoasa(config-route-map)# set ip next-hop verify-availability 1.1.1.12 3 track 3

ciscoasa(config-route-map)# set ip next-hop 2.1.1.10 2.1.1.11 2.1.1.12

ciscoasa(config-route-map)# set ip next-hop recursive 3.1.1.10

ciscoasa(config-route-map)# set interface outside-1 outside-2

ciscoasa(config-route-map)# set ip default next-hop 4.1.1.10 4.1.1.11

ciscoasa(config-route-map)# set default interface Null0

이 섹션에서는 다음 시나리오에 대해 PBR을 구성하는 데 필요한 완벽한 구성에 대해 설명합니다. 

먼저, 인터페이스를 구성해야 합니다.

(config)# interface GigabitEthernet0/0

(config-if)# no shutdown