Default gateway not working ASA 5505 8.4.2 - Packet Tracer 7.2.2
I´ve configured a "default route" in my ASA 5505 (8.4.2) but it is not working. When I try to send a packet toward a internet (public address), for instance 22.214.171.124, the packet is dropped with the message below:
1. The device looks up the destination IP address in the CEF table.
2. The CEF table does not have an entry for the destination IP address.
3. The device looks up the destination IP address in the routing table.
1. The routing table finds a routing entry to the destination IP address.
2. The destination network can be reached via 126.96.36.199.
1. The next-hop IP address is not in the ARP table. The ARP process tries to send an ARP request for that IP address and drops this packet.
Why 188.8.131.52? My default gateway is 10.11.11.2, instead (my next hop). ASA does not send the packet to the default gateway, sends a ARP request (broadcast FFFFFF....) and the Gateway drops the packet.
The entire configuration:
ASA Version 8.4(2)
switchport access vlan 249
switchport access vlan 49
no ip address
ip address dhcp
ip address 10.11.11.1 255.255.255.252
no forward interface Vlan1
ip address 10.1.249.1 255.255.255.0
object network in_corp
subnet 10.1.249.0 255.255.255.0
route OUTSIDE 0.0.0.0 0.0.0.0 10.11.11.2 1
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any unreachable
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...
Related documentsCisco ISE (Identity Services Engine) IPv6 features by release2.6ISE ManagementNetwork Time Protocol SupportDomain Name System SupportExternal RepositoriesAudit Logs and ReportsSimple Network Management ProtocolAccess Control Lists And Dyn...
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 184.108.40.206Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 220.127.116.11R1(config-ikev2-keyring-pee...