Cisco ASA 5555-X Adaptive Security Appliance Product Brochure

Cisco ASA Series General Operations CLI Configuration Guide

Chapter 21: Policy Based Routing

Policy Based Routing Examples
 in   15.1.1.0        255.255.255.0   inside
 in   25.1.1.0        255.255.255.0   outside 
 in   35.1.1.0        255.255.255.0   dmz
Next, let's configure ASA-A to route packets from H1 loopback2 out of the ASA-A dmz interface.
ciscoasa(config)# access-list pbracl_2 extended permit ip host 15.1.1.101 any
ciscoasa(config)# route-map testmap permit 20
ciscoasa(config-route-map)# match ip address pbracl_2
ciscoasa(config-route-map)# set ip next-hop 35.1.1.61
ciscoasa(config)# show run route-map
!
route-map testmap permit 10
  match ip address pbracl_1
  set ip next-hop 25.1.1.61
!
route-map testmap permit 20
  match ip address pbracl_2
  set ip next-hop 35.1.1.61
!
H1: ping 65.1.1.100 repeat 1 source loopback2
The debug output is as follows:
pbr: policy based route lookup called for 15.1.1.101/1234 to 65.1.1.100/1234 proto 6 sub_proto 0 received on interface inside
pbr: First matching rule from ACL(3)
pbr: route map testmap, sequence 20, permit; proceed with policy routing
pbr: evaluating next-hop 35.1.1.61
pbr: policy based routing applied; egress_ifc = dmz : next_hop = 35.1.1.61
The route entry chosen from the input route table is as follows:
 in   255.255.255.255 255.255.255.255 identity
 in   15.1.1.60       255.255.255.255 identity
 in   25.1.1.60       255.255.255.255 identity
 in   35.1.1.60       255.255.255.255 identity
 in   10.127.46.17    255.255.255.255 identity
 in   15.1.1.0        255.255.255.0   inside
 in   25.1.1.0        255.255.255.0   outside
 in   35.1.1.0        255.255.255.0   dmz
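
The lookup traced in the debug output above can be replayed offline to confirm which interface a given source is steered to. The following Python model is an added example, not part of the Cisco guide: it evaluates the route-map clauses in sequence order (sequence 20 matching the pbracl_2 ACL created above), resolves the next hop against the connected networks from the input route table, and adds an audit check for clauses that name an undefined ACL. The pbracl_1 source host, the mistyped ACL name in the usage lines, and all function names are assumptions.

```python
import ipaddress

# Constructed model of the page's configuration; only "permit ip host <src> any" ACEs are modelled.
ACLS = {
    "pbracl_1": ["15.1.1.100"],  # assumption: source host for sequence 10 is not shown on this page
    "pbracl_2": ["15.1.1.101"],  # H1 loopback2, from the access-list command on the page
}
ROUTE_MAP = [  # (sequence, match ACL name, set ip next-hop)
    (10, "pbracl_1", "25.1.1.61"),
    (20, "pbracl_2", "35.1.1.61"),
]
CONNECTED = [  # connected networks from the input route table on the page
    ("15.1.1.0/24", "inside"),
    ("25.1.1.0/24", "outside"),
    ("35.1.1.0/24", "dmz"),
]

def egress_for(next_hop, connected=CONNECTED):
    """Longest-prefix match of the next hop against the connected networks."""
    hop = ipaddress.ip_address(next_hop)
    best = None
    for prefix, ifc in connected:
        net = ipaddress.ip_network(prefix)
        if hop in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def pbr_lookup(src, route_map=ROUTE_MAP, acls=ACLS):
    """Return (sequence, next_hop, egress_ifc) for the first matching clause, else None."""
    for seq, acl, next_hop in sorted(route_map):
        if src in acls.get(acl, []):   # in this model an undefined ACL never matches
            ifc = egress_for(next_hop)
            if ifc:                    # model: the next hop must sit on a connected network
                return seq, next_hop, ifc
    return None                        # no clause applied: the normal route lookup is used

def undefined_acls(route_map, acls):
    """Audit check: route-map clauses whose match ACL name is not defined."""
    return [(seq, acl) for seq, acl, _ in route_map if acl not in acls]

if __name__ == "__main__":
    print(pbr_lookup("15.1.1.101"))
    print(undefined_acls([(20, "pbracl", "35.1.1.61")], ACLS))  # constructed mistyped name
```
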