Solved: Does Route Prefix length Trump Admin Distance in ASA routing decisions...

will · ‎09-14-2012

Really simple ASA configuration with two interfaces:

C 10.21.50.0 255.255.255.0 is directly connected, TEST104

S 10.21.50.66 255.255.255.255 [1/0] via 11.110.110.2, TEST111

C 11.110.110.0 255.255.255.0 is directly connected, TEST111

Notice the 10.21.50.66 address has a very specific route out TEST111 interface, with and AD of 1. Since this is a /32 prefix, will the route prefer the TEST111 interface or go out the directly connected same subnet interface TEST104, which has an AD of 0? no nat, xlates or special firewall stuff configured here. On a router, the smallest prefix trumps the administrative distance. Does ASA operate the same way?

thx in advance,

Will

Marvin Rhoads · ‎09-14-2012

You're welcome.

Right - it was two /25s. Sorry about the misstatement - long day and was working more with route maps prefix- and access-lists than netmasks today.

View solution in original post

Marvin Rhoads · ‎09-14-2012

Yes. I've done something similar in forcing an ASA to send site-site traffic destined for the management network attached to the distant end ASA's Mgmt interface out the Inside interface. In that case I simply subdivided the /24 into two /23s (plus two /32s for completeness at the all ones and all zeros boundary). Shorter prefix overcame the otherwise-connected route.

will · ‎09-14-2012

thx marvin for quick reply. i assume you meant "subdivided the /24 into two /25's" rather than /23's?

Marvin Rhoads · ‎09-14-2012

You're welcome.

Right - it was two /25s. Sorry about the misstatement - long day and was working more with route maps prefix- and access-lists than netmasks today.