Cisco ASA 5555-X Adaptive Security Appliance Product Brochure

Cisco ASA Series General Operations CLI Configuration Guide

Chapter 21     Policy Based Routing

Policy Based Routing Examples
H1:
ciscoasa(config)# interface Loopback1
ciscoasa(config-if)# ip address 15.1.1.100 255.255.255.255
ciscoasa(config-if)# interface Loopback2
ciscoasa(config-if)# ip address 15.1.1.101 255.255.255.255
ciscoasa(config)# ip route 0.0.0.0 0.0.0.0 15.1.1.60
H2:
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# ip address 65.1.1.100 255.255.255.0
ciscoasa(config-if)# ip route 15.1.1.0 255.255.255.0 65.1.1.60
Configure PBR on ASA-A to route traffic sourced from H1.
ASA-A:
ciscoasa(config-if)# access-list pbracl_1 extended permit ip host 15.1.1.100 any
ciscoasa(config-if)# route-map testmap permit 10
ciscoasa(config-if)# match ip address pbracl_1
ciscoasa(config-if)# set ip next-hop 25.1.1.61
ciscoasa(config)# interface GigabitEthernet0/0
ciscoasa(config-if)# policy-route route-map testmap
ciscoasa(config-if)# debug policy-route
H1: ping 65.1.1.100 repeat 1 source loopback1
pbr: policy based route lookup called for 15.1.1.100/44397 to 65.1.1.100/0 proto 1 sub_proto 8 received on interface inside
pbr: First matching rule from ACL(2)
pbr: route map testmap, sequence 10, permit; proceed with policy routing
pbr: evaluating next-hop 25.1.1.61
pbr: policy based routing applied; egress_ifc = outside : next_hop = 25.1.1.61
The packet is forwarded as expected using the next-hop address in the route map.
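Because PBR overrides the routing table for matched traffic, it helps to check the debug output against the intended policy rather than read it by eye. The following Python sketch is an added example, not part of the Cisco guide: it parses the `debug policy-route` lines shown above and reports any flow whose route map, next hop, or egress interface differs from what was intended. The function names and the `INTENT` structure are assumptions made for illustration.

```python
import ipaddress
import re

# Debug lines copied from the output above (the wrapped first line is re-joined).
SAMPLE = """\
pbr: policy based route lookup called for 15.1.1.100/44397 to 65.1.1.100/0 proto 1 sub_proto 8 received on interface inside
pbr: First matching rule from ACL(2)
pbr: route map testmap, sequence 10, permit; proceed with policy routing
pbr: evaluating next-hop 25.1.1.61
pbr: policy based routing applied; egress_ifc = outside : next_hop = 25.1.1.61
"""

LOOKUP = re.compile(r"lookup called for (\S+)/(\d+) to (\S+)/(\d+) proto (\d+).*"
                    r"received on interface (\S+)")
RMAP = re.compile(r"route map (\S+), sequence (\d+), (permit|deny)")
APPLIED = re.compile(r"applied; egress_ifc = (\S+) : next_hop = (\S+)")

def parse_pbr_debug(text):
    """Group debug lines into one dict per policy-route lookup."""
    flows, cur = [], None
    for line in text.splitlines():
        if m := LOOKUP.search(line):
            cur = {"src": m[1], "dst": m[3], "proto": int(m[5]), "ingress": m[6],
                   "route_map": None, "seq": None, "egress": None, "next_hop": None}
            flows.append(cur)
        elif cur is None:
            continue  # ignore lines that precede the first lookup
        elif m := RMAP.search(line):
            cur["route_map"], cur["seq"] = m[1], int(m[2])
        elif m := APPLIED.search(line):
            cur["egress"], cur["next_hop"] = m[1], m[2]
    return flows

def audit(flows, intent):
    """Return (src, dst, observed, expected) for flows that deviate from intent."""
    findings = []
    for f in flows:
        src = ipaddress.ip_address(f["src"])
        for net, rmap, nh, ifc in intent:
            if src in ipaddress.ip_network(net):
                got = (f["route_map"], f["next_hop"], f["egress"])
                if got != (rmap, nh, ifc):
                    findings.append((f["src"], f["dst"], got, (rmap, nh, ifc)))
    return findings

# Intended policy taken from the configuration above (hypothetical structure):
# host 15.1.1.100 matches testmap and leaves via "outside" toward 25.1.1.61.
INTENT = [("15.1.1.100/32", "testmap", "25.1.1.61", "outside")]
```

A flow that triggers a lookup but never reaches the "policy based routing applied" line is reported with `None` values, which indicates the traffic fell back to normal routing instead of the policy path.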
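When a next hop is configured, a lookup is performed in the input route table to identify a connected route to the configured next hop, and the corresponding interface is used. The input route table for this example is shown here (with the matching route entry highlighted).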
 in   255.255.255.255 255.255.255.255 identity
 in   15.1.1.60       255.255.255.255 identity
 in   25.1.1.60       255.255.255.255 identity
 in   35.1.1.60       255.255.255.255 identity
 in   10.127.46.17    255.255.255.255 identity