Solved: asa 5510 version 9.1 (7) 16 cannot delete static route

WannaB · ‎09-02-2017

Hello, need help in deleting static route to outside interface. New to ASA, I picked up a asa firewall for a home lab and it is behind a ARRIS NVG599. I have set my outside interface to obtain an IP Address from DCHP on network 192.168.1.0. I have my Inside interface configured to support 10.1.1.0 network but cannot ping from a machine connected to the inside interface to a machine on the outside interface. My thought process was to create a static route to 192.168.1.254 but that did not work. So now I'm thinking to set a static route to the IP Address that the outside interface has which is 192.168.1.111 but I cannot delete the current static route which is 0 0 192.168.1.254. So how can I delete the current static route?

WannaB · ‎09-02-2017

Thank you, that seems to have worked. Thank you so much

Another question any Ideas of how to NAT behind an ARRIS

NVG599. I tried using the example below but it did not work. Also, I cannot ping from the 10. network to a 192. network.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of outside addresses 10.2.2.1 through 10.2.2.10:
hostname(config)# object network my-range-obj
hostname(config-network-object)# range 10.2.2.1 10.2.2.10
hostname(config)# object network my-inside-net
hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

View solution in original post

Flavio Miranda · ‎09-02-2017

Try this:

clear configure route

WannaB · ‎09-02-2017

Thank you, that seems to have worked. Thank you so much

Another question any Ideas of how to NAT behind an ARRIS

NVG599. I tried using the example below but it did not work. Also, I cannot ping from the 10. network to a 192. network.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of outside addresses 10.2.2.1 through 10.2.2.10:
hostname(config)# object network my-range-obj
hostname(config-network-object)# range 10.2.2.1 10.2.2.10
hostname(config)# object network my-inside-net
hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

Flavio Miranda · ‎09-02-2017

Flavio Miranda · ‎09-02-2017

Don't follow.

What about Arris? Can you put a draw? Or explain better your environment?

Sure we can help.

WannaB · ‎09-17-2017

Sorry for the very late response. I have attached a .pdf file explaining what I'm trying to do.

WannaB · ‎09-02-2017

Thank you, that seems to have worked. Thank you so much

Another question any Ideas of how to NAT behind an ARRIS
NVG599. I tried using the example below but it did not work. Also, I cannot ping from the 10. network to a 192. network.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of outside addresses 10.2.2.1 through 10.2.2.10:
hostname(config)# object network my-range-obj
hostname(config-network-object)# range 10.2.2.1 10.2.2.10
hostname(config)# object network my-inside-net
hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0
hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

Marvin Rhoads · ‎09-03-2017

Ping is not generally a good test as is it not inspected by default when passing through an ASA. You need to add 'inspect icmp' to the default class-map for the ASA to keep track of the ping (icmp echo request) packets and allow the echo replies.

Generally I try to test using a tcp-based connection like ssh, telnet or http.