ASA Thinks Route Is Directly Connected When It's Not

pugs17211721
Level 1

I have an ASA that is behaving quite peculiarly. I am trying to get to (IPs changed for security purposes) 10.16.37.98. This site is a bank that we need to send information to; it just so happens to be the next block of IPs from our same ISP as our secondary (failover link) is. Here is my interface connectivity for the related interface:

 

interface Ethernet0/0
description Internet Connection
speed 100
duplex full
nameif outside
security-level 0
ip address 10.16.37.74 255.255.255.248

 

 

By subnetting rules, only 10.16.37.73 - 79 should be directly connected, so I am a bit confused as to why the following is happening:

 

show route outside 199.16.37.98

<route codes removed>

 

C 10.16.37.72 255.255.255.248 is directly connected, outside

 

 

Anyone have any ideas? Here is the pertinent show version from the ASA:

 

Cisco Adaptive Security Appliance Software Version 9.1(6)

Compiled on Fri 27-Feb-15 13:50 by builders
System image file is "disk0:/asa916-k8.bin"
Config file at boot was "startup-config"

<hostname> up 2 days 2 hours
failover cluster up 2 days 2 hours

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz,

Accepted Solutions

pugs17211721
Level 1

Turns out it was EIGRP. It was configured to summarize the routes; once I did no auto-summary on the EIGRP configuration, all works as intended.

 

router eigrp 100
no auto-summary

 

<line 1 is actually our ISP as well, just in the other datacenter>

 

D 10.16.37.80 255.255.255.240 [90/3584] via 192.168.20.10, 0:03:51, inside
C 10.16.37.72 255.255.255.248 is directly connected, outside

Hi,

Do you have "ip classless" in your running-config?

It does not take this command.

Hello,

 

I hope you are fine. I understand that you are changing your IP addresses for security purposes. Based on the following statement:

 

ip address 10.16.37.74 255.255.255.248 

10.16.37.74 is an available IP address within the 10.16.37.72/29 subnet that can be assigned to a host or device.

The network ID is 10.16.37.72/29.

The broadcast address is 10.16.37.79.

The available IP addresses are from 10.16.37.78 to 10.16.37.78 (those can be assigned to hosts or devices).

The reason why the ASA is showing you the 10.16.37.72 network in the routing table as directly connected is because the 10.16.37.74 IP address resides within that subnet.

 

Hope this helps!

 

I am looking at routing for the .98 address; this is not in the same subnet.

pugs17211721
Level 1

Anyone have any ideas?

Did you try to use IP classless as I said?

It does not take that command, like I mentioned above:

 

 

(config)# ip classless
^
ERROR: % Invalid input detected at '^' marker.

pugs17211721
Level 1

In doing some more digging, this is actually an EIGRP problem.

 

 

ASA# show route | inc <removed for security> 
D 10.16.37.80 255.255.255.240 [90/3584] via 192.168.20.10, 0:08:30, inside
C 10.16.37.72 255.255.255.248 is directly connected, outside
D 10.16.37.0 255.255.255.0 is a summary, 0:12:42, Null0

 

 

The /28 is not correct, but it is learning it via itself (192.168.20.10 is its inside interface).


Good!

Thanks for letting us know.
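
Added example, not part of any post in this thread: a longest-prefix-match lookup over the routes quoted in the show route output above, showing which entry covers 10.16.37.98 with the EIGRP summary present and after no auto-summary. The default route is a constructed assumption, since the thread never shows one.

```python
import ipaddress

# Routes quoted in the thread while EIGRP auto-summary was still on.
BEFORE = [
    ("10.16.37.80/28", "D via 192.168.20.10, inside"),
    ("10.16.37.72/29", "C directly connected, outside"),
    ("10.16.37.0/24", "D summary, Null0"),
]
# Routes quoted in the thread after "no auto-summary".
AFTER = [
    ("10.16.37.80/28", "D via 192.168.20.10, inside"),
    ("10.16.37.72/29", "C directly connected, outside"),
]
# Constructed: the thread never shows a default route; one is assumed here.
DEFAULT = ("0.0.0.0/0", "S default, outside (constructed)")


def lookup(table, dest):
    """Return (prefix, description) of the longest prefix covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, desc in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, desc)
    return (str(best[0]), best[1]) if best else None


def usable_range(prefix):
    """First and last usable host address of a prefix."""
    hosts = list(ipaddress.ip_network(prefix).hosts())
    return str(hosts[0]), str(hosts[-1])


if __name__ == "__main__":
    for name, table in (("auto-summary on", BEFORE), ("no auto-summary", AFTER)):
        for dest in ("10.16.37.98", "10.16.37.85", "10.16.37.75"):
            print(f"{name:16} {dest:12} -> {lookup(table + [DEFAULT], dest)}")
    print("connected /29 usable hosts:", usable_range("10.16.37.72/29"))
```

With the /24 summary in the table, 10.16.37.98 is covered by the Null0 entry before any default route is considered; without it, none of the 10.16.37.x entries cover .98.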
