Hi all,
I have this strange behavior with ASL 6.201 and policy routing.
Here is my test configuration:
Internet
|
Router(NAT)(192.168.100.254)
|
eth0 (192.168.100.20)
|
ASL--eth1(172.16.1.10)----DMZ (172.16.1.0/24)
|
eth2 (1.2.3.4)
|
Router (1.2.3.5)
|
Internet
The default gateway is configured on eth0.
I created this policy route:
Source Interface: Internal
Source: 172.16.1.20
Service: HTTP
Destination: Any
Target: 1.2.3.5
On ASL there is a packet filter rule that permits web traffic from 172.16.0.20.
With this configuration the host (172.16.0.20) can't browse the Internet.
No blocked packets in the live log. The ip route seems to be good, as do the
QoS rules.
So I tried to change my configuration using only 2 NICs, like this:
Internet
|
Router(NAT)(192.168.100.254)
|
eth0 (192.168.100.20)
|
ASL--eth1(172.16.1.10)----DMZ (172.16.1.0/24)
|
|
|
eth0(172.16.1.30)
|
ASL
|
eth1 (1.2.3.4)
|
Router (1.2.3.5)
|
Internet
So I created this policy route rule:
Source Interface: Internal
Source: 172.16.1.20
Service: HTTP
Destination: Any
Target: 172.16.1.30
With this second configuration all works fine.
Why?
I don't want to use another ASL...
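Added example, not part of the original post and not ASL's own code: a small Python model of Linux-style policy routing (an ordered list of "ip rule" selectors, each pointing at a route table with longest-prefix match), applied to the two layouts described above. It returns the egress interface and next hop the policy route is expected to choose, and flags the case where a private source address would leave towards a public next hop without masquerading. The table contents, the rule priorities, the /30 on eth2, the public test address and the masquerade heuristic are all assumptions made for the example.

```python
"""Toy model of Linux policy routing: 'ip rule' selectors walked in priority order,
each rule pointing at a route table that is searched by longest-prefix match."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: str                 # destination prefix, e.g. "0.0.0.0/0"
    dev: str                    # egress interface
    via: Optional[str] = None   # next hop; None means directly connected


@dataclass
class Rule:
    priority: int               # lower value is evaluated first, like 'ip rule'
    table: str
    src: Optional[str] = None   # 'from' selector (prefix); None matches all
    iif: Optional[str] = None   # incoming interface selector; None matches all
    dport: Optional[int] = None  # stands in for an fwmark set by a port match


@dataclass
class Packet:
    src: str
    dst: str
    iif: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.iif and rule.iif != pkt.iif:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def lookup_table(table: list, dst: str) -> Optional[Route]:
    """Longest-prefix match inside one table; None when nothing covers dst."""
    best = None
    for r in table:
        net = ipaddress.ip_network(r.prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > ipaddress.ip_network(best.prefix).prefixlen:
                best = r
    return best


def egress(pkt: Packet, rules: list, tables: dict):
    """First matching rule whose table has a route for dst wins; returns (dev, via)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule_matches(rule, pkt):
            continue
        r = lookup_table(tables.get(rule.table, []), pkt.dst)
        if r is not None:
            return (r.dev, r.via)
    return None


def needs_masquerade(pkt: Packet, hop) -> bool:
    """Heuristic (an assumption for this example): a private source leaving toward a
    public next hop must be SNATed on this box, otherwise replies cannot come back."""
    dev, via = hop
    src_private = ipaddress.ip_address(pkt.src).is_private
    hop_public = via is not None and not ipaddress.ip_address(via).is_private
    return src_private and hop_public


# Layout 1 (three NICs), tables and rule as assumed for the example.
TABLES_3NIC = {
    "main": [
        Route("192.168.100.0/24", "eth0"),
        Route("172.16.1.0/24", "eth1"),
        Route("1.2.3.4/30", "eth2"),                       # /30 on eth2 is assumed
        Route("0.0.0.0/0", "eth0", via="192.168.100.254"),  # default gateway on eth0
    ],
    "pbr_http": [Route("0.0.0.0/0", "eth2", via="1.2.3.5")],
}
RULES_3NIC = [
    Rule(100, "pbr_http", src="172.16.1.20/32", iif="eth1", dport=80),
    Rule(32766, "main"),
]

# Layout 2 (two NICs on the first ASL): same rule, target is the second box on the DMZ.
TABLES_2NIC = {
    "main": TABLES_3NIC["main"][:2] + [TABLES_3NIC["main"][3]],
    "pbr_http": [Route("0.0.0.0/0", "eth1", via="172.16.1.30")],
}

if __name__ == "__main__":
    p = Packet("172.16.1.20", "93.184.216.34", "eth1", 80)  # constructed test flow
    for name, tables in (("3 NICs", TABLES_3NIC), ("2 NICs", TABLES_2NIC)):
        hop = egress(p, RULES_3NIC, tables)
        print(name, "->", hop, "masquerade needed:", needs_masquerade(p, hop))
```

The model mirrors the ASL policy route fields: Source Interface maps to the rule's incoming interface, Source to the "from" prefix, Service to the port match, and Target to the single default route in the policy table. The masquerade check is the generic thing to verify on any box that sends LAN-sourced traffic straight out of a public link: either the box SNATs on that interface, or the upstream router must know a route back to the LAN prefix.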