Multiple route 0.0.0.0 0.0.0.0 on ASA 5505

jeremyrcarr
Level 1

Hi Guys,

I want to know with an ASA 5505 w/ Security Plus License I get up to 20 VLANS/Named Interfaces.

I have a customer that is getting a new subnet of external IP addresses from their service provider and a different default gateway to accommodate re-hosting their datacenter at their main office instead of at a Colo.

My question, when building out their new DMZ, can I have multiple route 0.0.0.0 commands?

Example.

Current Default Gateway 1.1.1.X

Internal hosts 192.168.1.0 use and are natted to 1.1.1.X

New Default Gateway for DMZ Servers 2.2.2.x

Internal hosts still use 1.1.1.X, but server hosts in 192.168.1.3 should use 2.2.2.X -- there are also a bunch of pre-existing static NAT rules for these servers such as 2.2.2.30 translates to 192.168.1.30.

I think I would accomplish this by using the following:

route inside 0.0.0.0 0.0.0.0 1.1.1.X

route DMZ 0.0.0.0 0.0.0.0 2.2.2.x

Would this be correct?

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello Jeremy,

No, this will not work, as you can only have one default route pointing to an interface (there is no support for multiple default routes going over different interfaces).

You might want to read about the SLA feature, which I would say is the option that will fit your requirements.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
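
For reference, a sketch of the SLA-tracked setup the answer points to, added here as an example and not taken from the thread or the linked Cisco document. The interface names `outside` and `outside2`, both gateway addresses, and the monitor and track IDs are constructed placeholders. The second default route is a backup that only takes over when the tracked route is withdrawn; the two are never in use at the same time for different inside hosts.

```text
! Constructed values: interfaces outside/outside2, gateways 198.51.100.1 and
! 203.0.113.1, SLA monitor ID 10 and track ID 1 are placeholders.
!
! Probe the primary gateway with ICMP echo every 10 seconds.
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
!
! Bind track object 1 to the reachability result of that probe.
track 1 rtr 10 reachability
!
! Primary default route (distance 1), installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
!
! Backup default route (distance 254), used only when the primary is withdrawn.
route outside2 0.0.0.0 0.0.0.0 203.0.113.1 254
```

`show track 1` and `show route` show which of the two default routes is currently installed.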


2 Replies

Thanks Julio, your solution won't fit my requirements, but we'll split the customer's network with a spare router, and once they can get some additional IPs on the new range, I'll unite them.
