Cisco ASA 5555-X Adaptive Security Appliance Product Brochure
Cisco ASA Series General Operations CLI Configuration Guide
Chapter 21: Policy Based Routing
Policy Based Routing Example
in 15.1.1.0 255.255.255.0 inside
in 25.1.1.0 255.255.255.0 outside
in 35.1.1.0 255.255.255.0 dmz
Next, we configure ASA-A to route packets from H1 loopback2 out the ASA-A dmz interface.
ciscoasa(config)# access-list pbracl_2 extended permit ip host 15.1.1.101 any
ciscoasa(config)# route-map testmap permit 20
ciscoasa(config-route-map)# match ip address pbracl_2
ciscoasa(config-route-map)# set ip next-hop 35.1.1.61
ciscoasa(config)# show run route-map
!
route-map testmap permit 10
 match ip address pbracl_1
 set ip next-hop 25.1.1.61
!
route-map testmap permit 20
 match ip address pbracl_2
 set ip next-hop 35.1.1.61
!
H1: ping 65.1.1.100 repeat 1 source loopback2
The debug output is as follows:
pbr: policy based route lookup called for 15.1.1.101/1234 to 65.1.1.100/1234 proto 6
sub_proto 0 received on interface inside
pbr: First matching rule from ACL(3)
pbr: route map testmap, sequence 20, permit; proceed with policy routing
pbr: evaluating next-hop 35.1.1.61
pbr: policy based routing applied; egress_ifc = dmz : next_hop = 35.1.1.61
The route entries selected in the input route table are as follows:
in 255.255.255.255 255.255.255.255 identity
in 15.1.1.60 255.255.255.255 identity
in 25.1.1.60 255.255.255.255 identity
in 35.1.1.60 255.255.255.255 identity
in 10.127.46.17 255.255.255.255 identity
in 15.1.1.0 255.255.255.0 inside
in 25.1.1.0 255.255.255.0 outside
in 35.1.1.0 255.255.255.0 dmz
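A consistency check for this kind of configuration, as an added example that is not part of the Cisco guide: it parses ASA configuration text, reports route-map sequences whose match clause names an ACL that has no access-list line, and models the first-match lookup seen in the debug output. Assumptions: the sample configuration is constructed, the pbracl_1 entry is an assumed value (its definition is not shown on this page), only "permit ip host ... any" ACL entries and a single route-map are handled, and an undefined ACL is treated as matching nothing, which is a choice of this model rather than a statement about the ASA.

```python
import ipaddress
import re

# Constructed sample, based on the commands on this page. The pbracl_1 entry
# is an assumed value (its definition is not shown here); sequence 30 holds a
# deliberate typo so the audit has something to report.
SAMPLE = """\
access-list pbracl_1 extended permit ip host 15.1.1.100 any
access-list pbracl_2 extended permit ip host 15.1.1.101 any
route-map testmap permit 10
 match ip address pbracl_1
 set ip next-hop 25.1.1.61
route-map testmap permit 20
 match ip address pbracl_2
 set ip next-hop 35.1.1.61
route-map testmap permit 30
 match ip address pbracl
 set ip next-hop 35.1.1.61
"""

def parse(config):
    """Return ({acl: [source networks]}, [{'seq', 'acl', 'next_hop'}, ...])."""
    acls, seqs = {}, []  # single route-map assumed, so its name is ignored
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"access-list (\S+) extended permit ip host (\S+) any$", line):
            acls.setdefault(m[1], []).append(ipaddress.ip_network(m[2]))
        elif m := re.match(r"route-map \S+ permit (\d+)$", line):
            seqs.append({"seq": int(m[1]), "acl": None, "next_hop": None})
        elif seqs and (m := re.match(r"match ip address (\S+)$", line)):
            seqs[-1]["acl"] = m[1]
        elif seqs and (m := re.match(r"set ip next-hop (\S+)$", line)):
            seqs[-1]["next_hop"] = m[1]
    return acls, sorted(seqs, key=lambda s: s["seq"])

def dangling(config):
    """Sequence numbers whose match clause names an ACL that is never defined."""
    acls, seqs = parse(config)
    return [s["seq"] for s in seqs if s["acl"] and s["acl"] not in acls]

def lookup(config, src):
    """First sequence (lowest number) whose ACL permits src, else None."""
    acls, seqs = parse(config)
    addr = ipaddress.ip_address(src)
    for s in seqs:
        if any(addr in net for net in acls.get(s["acl"], [])):
            return s["seq"], s["next_hop"]
    return None  # no policy match: the packet follows the normal route table

if __name__ == "__main__":
    print(dangling(SAMPLE), lookup(SAMPLE, "15.1.1.101"))
```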