Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
1
Replies

Firewall Routing

richard.priest
Level 1
Level 1

‎10-03-2019 08:30 AM

Can someone help me to understand how a firewall makes a routing decision? 

 

I have some traffic which needs to get to a subnet not directly attached to the firewall. there is a static route to that subnet, however the nameif subinterface is not the same as the one that traffic would be coming in on.

 

(traffic would be entering from an interface called LAN (sec level 100), and should be exiting via a subinterface named DMZ (sec level 50)

 

However when performing a packet-tracer test the default route out is being picked and as an result the traffic is dropped.

 

I can't add another route with the same network and destination on a different interface for obvious reasons.

 

Why is my traffic being redirected to the default gateway when there is clearly a a better route to the destination in the routing table?

 

FW_Route1.png

 

 

This is a cut from the routing table the 192.168.20.0/24 subnet is where I'm trying to send my traffic from the 'LAN' subnet

FW_Route2.png

 

Many thanks!

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎10-03-2019 08:37 AM

Hi,
You've got "192.16.20.60" in the destination of the packet tracer rather than "192.168.20.60", so it wouldn't match the static route

HTH
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card