Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
460
Views
0
Helpful
2
Replies

ASA5510 - static routes

Go to solution
willy moronta
Level 1
Level 1

‎04-19-2013 11:01 AM - last edited on ‎03-25-2019 05:50 PM by Community Manager

Hello all I'm trying to move some configurations over to an ASA5510 and some of the commands are a bit different than I'm used to (worked on old pix before)

I've configured the following on the device:

Outside interface:  65.66.64.34/28

DMZ                  :  65.66.64.49/28

Inside                :  10.2.3.3/26

===========================

The current firewall has the below configured on it (old Juniper)

10.2.3.0/24                       gateway 10.2.3.15               **10.2.3.15 is the IP for 3750 switch on the inside LAN**

10.0.0.0/24                       gateway 10.2.3.4                 **10.12.175.4 internal vpn- will remove later but thats a different discussion**

0 0                                    gateway  65.66.64.33            **to internet

10.0.1.0                            gateway 10.2.3.2                 **10.2.3.2 represents mpls traffic

10.0.0.8                             gateway 10.2.3

=============================

Will the following statements make the same thing work on a 5510?

route inside 10.2.3.0/24    10.2.3.15

route inside 10.0.0.0        10.2.3.4

route inside 10.0.1.0        10.2.3.2

The current set up for this network has an mpls router and a vpn concentrator as part of the network my aim currently is to replace the juniper with an asa5510 the changing of the vpn tunnels will be for a different time:

work station ===>  switch (3750) DG to =====> MPLS (vendor owned and managed) ====> non mpls traffic ====> vpn concentrator ===>firewall ===> router

The above will need acls to go with the routes, which I should manage ok just want to make sure the routing is configured properly


Any help will be appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎04-19-2013 11:12 AM

Hi,

The Static Route configuration format on the ASA is basically

route

Where

  • = Is the interface behind which the network is related to the ASA
  • = Is the network address of the network for which you are configuring the static route
  • = Is the network mask
  • = Is the next hop IP address behind which the network is found

So IF I understood you correctly the routes would look something like this

route inside 10.2.3.0 255.255.255.0 10.2.3.15

route inside 10.0.0.0 255.255.255.0 10.2.3.4

route inside 10.0.1.0 255.255.255.0 10.2.3.2

route outside 0.0.0.0 0.0.0.0  65.66.64.33

I am not sure what this route section was

10.0.0.8                             gateway 10.2.3

Seems the gateway IP address is missing the last part

I am not sure if I got the complete picture how the network is built. Seems you ASA will need to route different networks to different gateways on the same "inside" interface. Cant really see if you could possibly run into situation with asymmetric routing.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎04-19-2013 11:12 AM

Hi,

The Static Route configuration format on the ASA is basically

route

Where

  • = Is the interface behind which the network is related to the ASA
  • = Is the network address of the network for which you are configuring the static route
  • = Is the network mask
  • = Is the next hop IP address behind which the network is found

So IF I understood you correctly the routes would look something like this

route inside 10.2.3.0 255.255.255.0 10.2.3.15

route inside 10.0.0.0 255.255.255.0 10.2.3.4

route inside 10.0.1.0 255.255.255.0 10.2.3.2

route outside 0.0.0.0 0.0.0.0  65.66.64.33

I am not sure what this route section was

10.0.0.8                             gateway 10.2.3

Seems the gateway IP address is missing the last part

I am not sure if I got the complete picture how the network is built. Seems you ASA will need to route different networks to different gateways on the same "inside" interface. Cant really see if you could possibly run into situation with asymmetric routing.

- Jouni

0 Helpful

Go to solution
willy moronta
Level 1
Level 1
In response to Jouni Forss

‎04-19-2013 11:29 AM

Jouni, thanks for the very quick reply.

That was a typo on my part, the gateway for 10.0.0.8 should be 10.2.3.2

But that does clear up my question, and having the routes per named interface makes this way easier.

The inside interface is connected to a core switch which does indeed have different possible routes.  Said switch has connections to a VPN concentrator and an MPLS router directly and the switchs default gateway is the mpls router 10.2.3.2. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card