02-16-2023 08:27 AM - last edited on 02-16-2023 09:26 PM by Translator
Hello. GIVEN:
ASA-5525# sh ip route
!! output omitted !!
Gateway of last resort is 3.3.3.3 to network 0.0.0.0
ASA-5525# sh route 172.16.239.0
% Subnet not in table
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.7.1, inside tunneled
Why is the gateway of last resort different than the below route?
What is the next hop for standard traffic to reach 172.16.239.0 ?
Thank you.
02-16-2023 09:31 AM - last edited on 02-16-2023 10:10 PM by Translator
Why is the gateway of last resort different than the below route?
In your case you already have another default GW toward 3.3.3.3, so there is no need for another default route.
As for whether the ASA can have two default routes and which one it will use: it will use the one without tunneled for any traffic not from VPN.
To be sure, I ran a lab, and the ASA always uses the path toward the default GW WITHOUT TUNNELED.
I also checked
show route x.x.x.x
<<- if the route is not directly connected, static or dynamically learned, then the ASA does not show the default GW it uses.
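A simplified model of the route selection discussed in this thread, added here as an example and not part of any poster's reply or Cisco's code: it follows Cisco's documented behaviour for the tunneled keyword, where traffic decrypted from a tunnel that matches no specific route uses the tunneled default and all other traffic ignores it. The function names, the interface name outside for 3.3.3.3 and the connected 172.16.7.0/24 entry are assumptions.

```python
import ipaddress

# Constructed table modelled on the thread. Only the two default routes come
# from the page; the interface name "outside" for 3.3.3.3 and the connected
# 172.16.7.0/24 entry are assumptions added for illustration.
ROUTES = [
    # (prefix, next hop, interface, tunneled)
    ("0.0.0.0/0", "3.3.3.3", "outside", False),
    ("0.0.0.0/0", "172.16.7.1", "inside", True),
    ("172.16.7.0/24", "connected", "inside", False),
]

def lookup(dst, from_tunnel, routes=ROUTES):
    """Pick (next hop, interface) for dst; from_tunnel marks decrypted VPN traffic."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, ifc, tunneled in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        if tunneled and not from_tunnel:
            continue  # a tunneled default is never used for ordinary traffic
        # Longest prefix wins; at equal length the tunneled default
        # overrides the standard default for traffic leaving a tunnel.
        rank = (net.prefixlen, tunneled)
        if best is None or rank > best[0]:
            best = (rank, next_hop, ifc)
    return (best[1], best[2]) if best else None

def show_route(dst, routes=ROUTES):
    """Mimic the thread's 'sh route <subnet>' result: defaults are not reported."""
    addr = ipaddress.ip_address(dst)
    hits = [p for p, *_ in routes
            if ipaddress.ip_network(p).prefixlen > 0 and addr in ipaddress.ip_network(p)]
    return ", ".join(hits) if hits else "% Subnet not in table"

if __name__ == "__main__":
    for dst, vpn in [("172.16.239.0", False), ("172.16.239.0", True), ("172.16.7.50", True)]:
        print(dst, "from tunnel" if vpn else "standard", "->", lookup(dst, vpn))
    print("sh route 172.16.239.0:", show_route("172.16.239.0"))
```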
02-16-2023 08:33 AM - edited 02-16-2023 08:34 AM
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.7.1, inside tunneled <<- the tunneled keyword makes this default GW used only by VPN AnyConnect; remove it and check again.
02-16-2023 08:39 AM
This is a production environment. I think it is a bad idea to remove this route.
My task involves routing endpoints through L2L tunnel. (The routing is not correct.)
Currently, what is the next hop for standard traffic to reach 172.16.239.0 ?
02-16-2023 08:49 AM
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.7.1, inside <<- then only add another static route.
After you add the above:
Currently, what is the next hop for standard traffic to reach 172.16.239.0 ? It will be 172.16.7.1 and the egress interface will be INSIDE.
02-16-2023 09:04 AM - last edited on 02-16-2023 09:29 PM by Translator
OK, you solved my specific question. May you please now answer my general question?...
ASA-5525# sh ip route
!! output omitted !!
Gateway of last resort is 3.3.3.3 to network 0.0.0.0
Why is the gateway of last resort different than the below route?
ASA-5525# sh route 172.16.239.0
% Subnet not in table
S 0.0.0.0 0.0.0.0 [255/0] via 172.16.7.1, inside tunneled
Thank you.
02-16-2023 09:28 AM - edited 02-16-2023 09:52 AM
It looks like the AD is 255 (which means "infinite" metric) and it does not install in the routing table. So it's probably using the 3.3.3.3 since it has a valid AD.
We would probably need the whole routing table to determine what decisions are being made.
-David
02-16-2023 11:43 AM
Standard Cisco devices label AD 255 as infinite.
My understanding is that ASA devices are different-- they label AD 255 as valid.
Correct or not correct?
02-16-2023 01:00 PM
Apologies. You are correct. I overlooked that and don't work with ASAs like I do IOS devices. It was a habit response.