Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Static Route not working on ASA 5505

Static Route not working on ASA 5505 8 years 5 months ago #35251

I've posted my config below. PCs are using ASA inside interface ( as their default gateways and ARE able to access the Internet via the outside interface (x.x.x.170) without any problems. Here is the challenge I am having : I need to route a particular network to a router @ (that is on the same subnet as my inside interface) so I have added the static route "route inside 63.x.x.0 1". I am able to ping an address on the 63.x.x.0 network when sourced from the ASA's inside interface (, but I am not able to ping 63.x.x.0 from a PC using as it's default gateway. Any ideas? Could the issue have something to do with the ASA not allowing traffic to be routed out the same interface it came in (PCs gateway is which is the same interface that forwards traffic for the 63.x.x0 subnet to router @ HELP !!

ASA Version 7.2(4)
hostname asa
enable password ***********
passwd ************* encrypted
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.170
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
route inside 63.x.x.0 1
route outside x.x.x.169 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet inside
telnet timeout 5
ssh inside
ssh outside
ssh timeout 5
console timeout 0

Re: Static Route not working on ASA 5505 8 years 5 months ago #35255

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1577
  • Karma: 3
  • Thank you received: 7

Could the issue have something to do with the ASA not allowing traffic to be routed out the same interface it came in

Yes, infact this could really be the problem. The ASA defaults to prevent traffic that came in an interface to exist the same interface. The following command should allow it:

[code:1]same-security-traffic permit intra-interface[/code:1]

Tell us what happens.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
  • Page:
  • 1
Time to create page: 0.182 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup