Finding the route used for specified destination IP

Martin Jaburek · ‎12-07-2011

Hi,

I'm rather new to the ASA box. recently I tried to use:

asa#show ip route <dest_ip>

which is not an asa command, ok. But show route does not accept parameter as an destination ip address. I have many outgoing interfaces (20 or so) which are only interconnecting networks /28. And behind them I have many other networks. I have hundred or so static route specified.

Now I want easily verify used route (and I do not want to check it manually).

Is there a way?

I use an ASA SW version 8.4.2

vipinrajrc · ‎12-07-2011

Hi martin,

can you please try the following? " i " stands for include. then followed by the destination IP

FW1# sh route | i 192.168.0.0

S 192.168.0.0 255.255.255.0 [1/0] via 82.12.10.15, outside

Please rate this post if it is helpful

Thanks

Vipin

Thanks and Regards, Vipin

Martin Jaburek · ‎12-07-2011

Hi,

this will actually help.

It is not exactly what I was looking for - it needs some refinement in case of suppernetting, but it is viable.

Is there an alternative to #show ip route ?

vipinrajrc · ‎12-07-2011

Hi Martin,

can you try this?

NOCMEFW1# sh route outside 10.55.44.0

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 12.24.9.4 to network 0.0.0.0

S    10.55.55.0 255.255.255.0 [1/0] via 21.10.1.23, outside
S    10.55.44.0 255.255.255.0 [1/0] via 21.10.1.23, outside
S    10.66.1.0 255.255.255.0 [1/0] via 21.10.1.23, outside
S    10.55.77.0 255.255.255.0 [11/0] via 21.10.1.23, outside
S    10.55.66.0 255.255.255.0 [1/0] via 21.10.1.23, outside

Please rate this post if it is helpful

Thanks

Vipin

Thanks and Regards, Vipin

Martin Jaburek · ‎12-07-2011

unfortunately, this is not at all useful.

a) you must specify outgoing interface - that is exatly what I would like to avoid (I have too many of them)

b) as you can see even if you specified the IP address it actually printed out all configured routes on that interface

Mostafa Elmokadem · ‎11-11-2015

Hi Eveybody ,

I am seaching on the same topic . ASA requires you identify the interface which is impossible in my case also due to the large number of interfaces

Any idea please

thanks

arun.surendran · ‎05-21-2018

The best way is to first check for a traceroute to the specific IP address, it will show you the egress interface.

STEP 1.

ASAt# traceroute 53.45.23.1
Tracing the route to 53.45.23.1

1 172.24.120.10 0 msec 0 msec 0 msec >> This is your next hop IP
2 172.24.222.245 0 msec 0 msec 0 msec

STEP 2. Create an arp entry using next hop

ping 172.24.120.10

STEP3. Check arp to find egress interface

ASA# show arp | in 172.24.120.10
inside 172.24.120.10 4055.3909.2c41 1961 >> This is your egress interface (inside/outside etc.)

STEP4. Now find for the longest match (manually)

ASA# show route inside

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 172.24.120.9 to network 0.0.0.0

C    172.24.120.8 255.255.255.248 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 172.24.120.9, inside >> This will be the longest match

Hope this will help you.