hi john,thanks for the lead!

johnlloyd_13 · ‎05-21-2014

hi all,

i'm trying to add static default route for both the 'outside' and 'management' interfaces but the ASA doesn't let me and getting an error.

i see them added successfully on our other ASA currently in production.

any commands i need to enable first in order for the ASA to accept these static routes?

ASA02/admin(config)# route management 0.0.0.0 0.0.0.0 172.27.6.129

ASA02/admin(config)# route outside 0.0.0.0 0.0.0.0 116.212.1.1

ERROR: Cannot add route entry, possible conflict with existing routes

jpl861 · ‎05-21-2014

If you have configured this on another ASA then probably ASA has changed its behavior. Check the IOS versions if they are the same. I have noticed they have changed the way static routes worked on some new ASA IOS. It caused me some outage before after upgrading from one IOS to another as the system removed the unacceptable static routes after it restarted.

johnlloyd_13 · ‎05-21-2014

hi john,

the older ASA has 8.3 code and accept the 2 static routes.

# sh ve

Cisco Adaptive Security Appliance Software Version 8.3(2)

i'm ASA 5525-x has an 8.6 code and doesn't accept these lines.

not sure if this is caused by image difference.

jpl861 · ‎05-21-2014

Yes. That could be the issue. The newer ASA has changed its behavior. Like I said, it happened to me before. They have been more strict with static routes now.

johnlloyd_13 · ‎05-22-2014

hi john,

thanks for the lead! i think it's a default policy on the ASA and should configure a different metric (AD) to be able to add them.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/configuration/guide/config/ip.html#wp1047894

ciscoasa(config)# route outside 0 0 1.1.1.1
ciscoasa(config)# route management 0 0 2.2.2.2 2

Add static default route for outside and management