Like Chalk and Cheese: Cisco ASA 5506-X with Release 9.4.1 – Policy Based Routing
Earlier this Year, Cisco introduced the Cisco ASA 5506-X with FirePOWER Services. This Model should replace the successful and smallest Security Solution, the ASA 5505. Designed for the Small Business and a new era of threat and advanced malware protection Cisco ASA with FirePOWER Services delivers an integrated threat defense for the entire attack continuum. BEFORE, DURING and AFTER.
As Desktop version, the Cisco ASA 5506-X builds an easy entry for a:
- Superior Multilayered Protection
- Site-to-site and remote access VPN
- Granular Application Visibility and Control (AVC)
- Highly effective threat prevention and full contextual awareness
- Reputation- and category-based URL filtering
- AMP provides industry-leading breach detection effectiveness
- Unprecedented Network Visbility
- Reduced Costs and Complexity security Solution
On 28th May, the Cisco Adaptive Security Appliance Software for the ASA 5506-X Version 9.4.1 was released. In this Interim Release they included a really great Feature for all the Small Business Customers.
Cisco ASA now supports policy based routing (PBR). Formerly the ASA routing decision was based on the destination of the traffic. This limitation makes it hard to change the routing behavior for specific traffic. Now with Policy Based Routing (PBR) there are different criteria to define the routing behavior:
- Source Network
- Destination Network
- Source Address
- Destination Address
- Source Port
- Destination Port
- Packet Size
- Packet Classification
Many Implementations of the Internet Edge from Small Business Companies here in Germany/Europe are based on two ISP Connections. Very common are a DSL Connections combined with a Leased Line. The Leased Line is used for business critical services (E-Mail Traffic, VPN, Microsoft ActiveSync (Mail Push) and the second DSL Connection is used for Webtraffic. With this scenario the use of PBR is essential. In the past we realized this commonly when a Cisco ISR Router were PBR were widely spread.
With the Version 9.4.1 we can now consolidated the WAN Connections directly on the ASA with the same flexibility. Furthermore, it reduces Costs and Complexity.