Solved: Mahesh,The /28 mask (255.255

mahesh18 · ‎06-29-2014

Hi Everyone,

Need to confirm how ASA will choose next hop IP from below config

ASA config

Interface X

ip 10.16.102.1

http 172.16.10.220 255.255.255.255 X

Where this ASA talks to server on port 443.

As per the network setup ASA should reach server 172.16.10.220 via its interface X.

When i do sh route on ASA it shows

route Y 172.16.10.0 255.255.255.240 172.16.101.1 1
route X 172.16.10.128 255.255.255.128 10.16.102.2

Need to confirm in order for ASA to reach server 172.16.10.220 it will choose next HOP IP 172.16.101.1 via interface IP Y as it has more specific route right?

If i need that next hop should be via 10.16.102.2 then i need below config right

route X 172.16.10.220 255.255.255.255 10.16.102.2 right?

Regards

MAhesh

Marvin Rhoads · ‎06-29-2014

Mahesh,

The /28 mask (255.255.255.240) on your first route means the included hosts are 172.16.10.0 - 172.16.10.15. So your server at 172.16.10.220 is not in that subnet.

Instead it is in the 172.16.10.128 /25 subnet. (addresses 172.16.10.128 - 172.16.10.255) and the route to it should already be out interface X and via 10.16.102.2.

View solution in original post

Marvin Rhoads · ‎06-29-2014

Mahesh,

The /28 mask (255.255.255.240) on your first route means the included hosts are 172.16.10.0 - 172.16.10.15. So your server at 172.16.10.220 is not in that subnet.

Instead it is in the 172.16.10.128 /25 subnet. (addresses 172.16.10.128 - 172.16.10.255) and the route to it should already be out interface X and via 10.16.102.2.

mahesh18 · ‎06-29-2014

Many thanks Marvin

ASA --Selecting next hop