cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


868
Views
0
Helpful
10
Replies
Highlighted
Beginner

ASA Thinks Route Is Directly Connected When Its Not

I have an ASA that is behaving quite peculiar. I am trying to get to (IP's changed for security purposes) 10.16.37.98. This site is a bank that we need to send information to, it just so happens to be the next block of IP's from our same ISP as our secondary (failover link) is. Here is my interface connectivity for the related interface:

 

interface Ethernet0/0
description Internet Connection
speed 100
duplex full
nameif outside
security-level 0
ip address 10.16.37.74 255.255.255.248

 

 

By subnetting rules, only 10.16.37.73 - 79, should be directly connected, so I am a bit confused as to why the following is happening:

 

show route outside 199.16.37.98

<route codes removed>

 

C 10.16.37.72 255.255.255.248 is directly connected, outside

 

 

Anyone have any ideas? Here is the pertinent show version from the ASA:

 

Cisco Adaptive Security Appliance Software Version 9.1(6)

Compiled on Fri 27-Feb-15 13:50 by builders
System image file is "disk0:/asa916-k8.bin"
Config file at boot was "startup-config"

<hostname> up 2 days 2 hours
failover cluster up 2 days 2 hours

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz,

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

turns out it was EIGRP. It was configured to summarize the routes, once I did no auto-summary on the eigrp configuration, all works as intended.

 

router eigrp 100
no auto-summary

 

<line 1 is actually our ISP as well, just in the other datacenter>

 

D 10.16.37.80 255.255.255.240 [90/3584] via 192.168.20.10, 0:03:51, inside
C 10.16.37.72 255.255.255.248 is directly connected, outside

View solution in original post

10 REPLIES 10

Re: ASA Thinks Route Is Directly Connected When Its Not

Hi,

Do you "ip classless" on your running-config?

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

It does not take this command

Re: ASA Thinks Route Is Directly Connected When Its Not

Hello,

 

I hope you are fine, I understand that you are changing you ip adresses for security purposes, based on the following statement:

 

ip address 10.16.37.74 255.255.255.248 

10.16.37.74 is an available ip address within the 10.16.37.72/29 subnet that can be assigned to a host or device.

The network id is 10.16.37.72/29 

the broadcast address is 10.16.37.79.

the available ip address are from 10.16.37.78 to 10.16.37.78 (those can be assigned to hosts or devices)

The reason why the ASA is showing you in the routing table the 10.16.37.72 network as directly connected is because 10.16.37.74 ip address resides within that subnet.

 

Hope this helps!

 

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

I am looking at routing for the .98 address, this is not in the same subnet.

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

Any one have any ideas?

Re: ASA Thinks Route Is Directly Connected When Its Not

Did you try to use IP classless as I said?

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

it does not take that command, like i mentioned above:

 

 

(config)# ip classless
^
ERROR: % Invalid input detected at '^' marker.

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

In doing some more digging, this is actually an EIGRP problem

 

 

ASA# show route | inc <removed for security> 
D 10.16.37.80 255.255.255.240 [90/3584] via 192.168.20.10, 0:08:30, inside
C 10.16.37.72 255.255.255.248 is directly connected, outside
D 10.16.37.0 255.255.255.0 is a summary, 0:12:42, Null0

 

 

the /28 is not correct, but it is learning it via itself (192.168.20.10 is its inside interface)

Beginner

Re: ASA Thinks Route Is Directly Connected When Its Not

turns out it was EIGRP. It was configured to summarize the routes, once I did no auto-summary on the eigrp configuration, all works as intended.

 

router eigrp 100
no auto-summary

 

<line 1 is actually our ISP as well, just in the other datacenter>

 

D 10.16.37.80 255.255.255.240 [90/3584] via 192.168.20.10, 0:03:51, inside
C 10.16.37.72 255.255.255.248 is directly connected, outside

View solution in original post

Re: ASA Thinks Route Is Directly Connected When Its Not

Good!

 Thanks for let us know. 

 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here