Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
0
Helpful
2
Replies

Cisco ASA null0 route question

bjohnson1224
Level 1
Level 1

‎08-11-2023 12:54 PM

We have our headquarters in Japan and they have issued 10.240.0.0/13 subnet for use in the USA.  They are reporting that unused IP's on this subnet are causing loops on their core switch. They are asking us to put a null0 route statement for that subnet into our Cisco ASA 5525 which handles all L3 routing in one of our data centers.

route null0 10.240.0.0 255.248.0.0

My concern is that this will drop the legitimate traffic for this subnet that does need to talk to Japan.

We do route subnets from the 10.240.0.0/13 that are being used by business units across North America out OSPF and across our MPLS.  My question is will this work for the IP's not being used in this subnet to be denied but still allow the legitimate traffic to Japan that is advertised in our OSPF?

Any clarification on this would be greatly appreciated.

Thank you,

B.Johnson

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎08-11-2023 01:00 PM

I send message check it

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-14-2023 08:27 AM

Routing works on a longest prefix match.  So you could route a whole /13 to null so long as you have more specific longer prefix routes defined for the relevant traffic.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card