01-29-2024 07:26 AM - edited 01-29-2024 07:27 AM
We are currently replacing our ASA with a Firepower 1010. When configuring the VPN we ran into an issue using a 3rd party certificate when trying to authorize SAML SSO with Azure. TAC suggested we update from 7.2 to 7.3. When updating the device we get roughly 35% complete until we hit failure and rollback with the error:
Network objects used in static route can't have the same IP as the IP of the interface used in the route...
The working ASA static route was:
route outside 0.0.0.0 0.0.0.0 10.12.140.1 1
route inside 10.0.0.0 255.0.0.0 10.12.141.1 1
route inside 10.50.128.0 255.255.128.0 10.12.141.1 1
route inside 172.16.0.0 255.240.0.0 10.12.141.1 1
route inside 192.168.0.0 255.255.0.0 10.12.141.1 1
The currently configured static route on the FPR is:
S* 0.0.0.0 0.0.0.0 [1/0] via 10.12.140.1, outside
S 10.0.0.0 255.0.0.0 [1/0] via 10.12.141.1, inside
C 10.12.140.0 255.255.255.0 is directly connected, outside
L 10.12.140.150 255.255.255.255 is directly connected, outside
C 10.12.141.0 255.255.255.0 is directly connected, inside
L 10.12.141.3 255.255.255.255 is directly connected, inside
S 10.50.128.0 255.255.128.0 [1/0] via 10.12.141.1, inside
S 172.16.0.0 255.240.0.0 [1/0] via 10.12.141.1, inside
S 192.168.0.0 255.255.0.0 [1/0] via 10.12.141.1, inside
We have a NAT pointing to 10.12.140.150 (Eth1/1 outside interface).
Eth1/2 (our inside interface) holds 10.12.141.3 and hands out addresses to active VPN connections within its /24 subnet.
I would appreciate any suggestions. (Really hoping I don't have to assign the outside interface a different IP because it involves waiting for our educational ISP to configure the NAT).
-Andrew
01-29-2024 07:40 AM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd90846
M.
01-29-2024 08:51 AM
"Network objects used in static route can't have the same IP as the IP of the interface used in the route..."
Is that the error you get when you try to upgrade?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide