Cisco ASA Series Firewall 策略路由配置First, we need to configure interfaces. ciscoasa(config)# interface GigabitEthernet0/0ciscoasa(config-if)# no shutdownciscoasa(config-if)# nameif insideciscoasa(config-if)# ip address 10.1.1.1 255.255.255.0ciscoasa(config)# interface GigabitEthernet0/1ciscoasa(config-if)# no shutdownciscoasa(config-if)# nameif outside-1ciscoasa(config-if)# ip address 192.168.6.5 255.255.255.0ciscoasa(config)# interface GigabitEthernet0/2ciscoasa(config-if)# no shutdownciscoasa(config-if)# nameif outside-2ciscoasa(config-if)# ip address 172.16.7.6 255.255.255.0Then, we need to configure an access-list for matching the traffic. ciscoasa(config)# access-list acl-1 permit ip 10.1.0.0 255.255.0.0ciscoasa(config)# access-list acl-2 permit ip 10.2.0.0 255.255.0.0We need to configure a route-map by specifying the above access-list as match criteria along with the required set actions. ciscoasa(config)# route-map equal-access permit 10ciscoasa(config-route-map)# match ip address acl-1ciscoasa(config-route-map)# set ip next-hop 192.168.6.6ciscoasa(config)# route-map equal-access permit 20ciscoasa(config-route-map)# match ip address acl-2ciscoasa(config-route-map)# set ip next-hop 172.16.7.7ciscoasa(config)# route-map equal-access permit 30ciscoasa(config-route-map)# set ip interface Null0Now, this route-map has to be attached to an interface. ciscoasa(config)# interface GigabitEthernet0/0ciscoasa(config-if)# policy-route route-map equal-accessTo display the policy routing configuration. ciscoasa(config)# show policy-routeInterface Route mapGigabitEthernet0/0 equal-access