Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2124
Views
5
Helpful
4
Replies

ACI Static Route to Connected ASA

Go to solution
rcarmack1
Level 1
Level 1

‎06-06-2021 12:10 PM

Hello,

I'm trying to add a static route, 10.6.8.0/24, to point to an ASA with an interface in an EPG called LAN_VLAN_100 (BD subnet is 172.16.100.0/22).  The ASA's interface IP is  172.16.103.201.  This is a non L3 Out.  The static route shows up in the VRFs route table.  I'm finding that other devices in the same EPG, LAN_VLAN_100, can't communicate with the 10.6.8.0/24 subnet.  I don't see their traffic in the logs as even hitting the ASA when they try to reach 10.6.8.0/24.  I do see other traffic in the network on the ASA.  Traffic does not appear to be asymmetric.  

 

Do static routes have to be pointed to L3 Outs to work properly?  Can I not have a static route pointing to an endpoint?

 

Thanks

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-06-2021 10:08 PM

Hi @rcarmack1 

Configuring static routes under BD (EPG) is only supported for host routes (/32). This is also why when you try to configure the static route in the EPG, the option is called "EP reachability":

ep_reachability.png

From help window: The EP reachability configuration can be used if a load balancer is connected to this EPG and you need to enter the VIP address, where this field allows you define the IP address and enter the load balancer IP address as the next-hop.

EP reachability enables the subnet to be used to create endpoints behind your EPG subnet. This is useful to configure a static route to support virtual services behind firewalls.

 

In other words, the answer is: no, you cannot configure static LPM routes in EPGs. You need a L3Out for that.

 

Stay safe,

Sergiu

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎06-06-2021 10:08 PM

Hi @rcarmack1 

Configuring static routes under BD (EPG) is only supported for host routes (/32). This is also why when you try to configure the static route in the EPG, the option is called "EP reachability":

ep_reachability.png

From help window: The EP reachability configuration can be used if a load balancer is connected to this EPG and you need to enter the VIP address, where this field allows you define the IP address and enter the load balancer IP address as the next-hop.

EP reachability enables the subnet to be used to create endpoints behind your EPG subnet. This is useful to configure a static route to support virtual services behind firewalls.

 

In other words, the answer is: no, you cannot configure static LPM routes in EPGs. You need a L3Out for that.

 

Stay safe,

Sergiu

0 Helpful

Go to solution
rcarmack1
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-07-2021 07:41 AM

Hello,
I didn’t create the static route in the EPG. I created the static route within the L3 out to reach an IP in the EPG. But from what you’re saying I would still need an L3 out because I can’t set a route to reach a subnet behind an endpoint in an EPG?
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to rcarmack1

‎06-07-2021 08:17 AM

That's correct. You need an L3Out towards the firewall.

Go to solution
rcarmack1
Level 1
Level 1
In response to Sergiu.Daniluk

‎06-07-2021 08:47 AM

Thanks for your help.
0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License