Static Route not working on ASA 5505

13 years 9 months ago #35251 by roqcandee
I've posted my config below. PCs are using ASA inside interface (10.5.69.254) as their default gateways and ARE able to access the Internet via the outside interface (x.x.x.170) without any problems. Here is the challenge I am having: I need to route a particular network to a router @ 10.5.69.238 (that is on the same subnet as my inside interface) so I have added the static route "route inside 63.x.x.0 255.255.255.0 10.5.69.238 1". I am able to ping an address on the 63.x.x.0 network when sourced from the ASA's inside interface (10.5.69.254), but I am not able to ping 63.x.x.0 from a PC using 10.5.69.254 as its default gateway. Any ideas? Could the issue have something to do with the ASA not allowing traffic to be routed out the same interface it came in (PCs' gateway is 10.5.69.254 which is the same interface that forwards traffic for the 63.x.x.0 subnet to router @ 10.5.69.238)? HELP!!

ASA Version 7.2(4)
!
hostname asa
enable password ***********
passwd ************* encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.5.69.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.170 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route inside 63.x.x.0 255.255.255.0 10.5.69.238 1
route outside 0.0.0.0 0.0.0.0 x.x.x.169 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
13 years 9 months ago #35255 by S0lo

Could the issue have something to do with the ASA not allowing traffic to be routed out the same interface it came in


Yes, in fact this could really be the problem. The ASA defaults to preventing traffic that came in an interface from exiting the same interface. The following command should allow it:

[code:1]same-security-traffic permit intra-interface[/code:1]

Tell us what happens.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
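
Added example, not part of the thread or either poster's configuration: a small Python check that reads an ASA-style config, finds the ingress and egress interface for a packet, and reports when both are the same interface while `same-security-traffic permit intra-interface` is absent. The addresses 198.51.100.0/24, 203.0.113.168/29, 192.0.2.1 and the PC address 10.5.69.10 are constructed stand-ins for the masked values in the post, and `parse` and `trace` are hypothetical helper names.

```python
import ipaddress

# Constructed sample modelled on the posted config; the masked 63.x.x.0 and
# x.x.x.170 values are replaced with documentation ranges.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.5.69.254 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.170 255.255.255.248
route inside 198.51.100.0 255.255.255.0 10.5.69.238 1
route outside 0.0.0.0 0.0.0.0 203.0.113.169 1
"""
PERMIT = "same-security-traffic permit intra-interface"


def parse(config):
    """Return (connected, routes, permit): nameif -> connected network,
    a list of (network, nameif) static routes, and whether PERMIT is set."""
    lines = [l.strip() for l in config.splitlines()]
    connected, routes, name = {}, [], None
    for line in lines:
        f = line.split()
        if line.startswith("interface "):
            name = None  # a new interface block begins
        elif line.startswith("nameif ") and len(f) == 2:
            name = f[1]
        elif line.startswith("ip address ") and name and len(f) >= 4:
            connected[name] = ipaddress.ip_interface(f"{f[2]}/{f[3]}").network
        elif line.startswith("route ") and len(f) >= 5:
            routes.append((ipaddress.ip_network(f"{f[2]}/{f[3]}"), f[1]))
    return connected, routes, PERMIT in lines


def trace(config, src, dst):
    """Return (ingress, egress, verdict). Only the same-interface check is
    modelled; NAT and access lists are not."""
    connected, routes, permit = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ingress = next((n for n, net in connected.items() if src in net), None)
    # Longest-prefix match over connected networks and static routes.
    table = [(net, n) for n, net in connected.items()] + routes
    matches = [(net.prefixlen, n) for net, n in table if dst in net]
    if ingress is None or not matches:
        return ingress, None, "no-route"
    egress = max(matches)[1]
    if ingress == egress and not permit:
        return ingress, egress, "dropped: intra-interface not permitted"
    return ingress, egress, "forwarded"
```

Calling `trace(SAMPLE_CONFIG, "10.5.69.10", "198.51.100.20")` reports inside as both ingress and egress, which is the case the question describes; appending the `PERMIT` line to the config changes the verdict to forwarded.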