cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
227
Views
0
Helpful
3
Replies
Highlighted
Beginner

ASA Static Route Question

Hi All, Looking for some assistance with an ASA routing issue.

 

Some background:

 

Network consists of a 3850 stack with multiple VLANs and is configured as the default gateway for all VLANs. The main workstation VLANs is 192.168.5.0 with an old ASA 5510 (8.2) connected at 192.168.5.5.

 

3850 gateway of last resort is 192.168.5.5 to network 0.0.0.0

 

3850 has a guest VLAN 192.168.9.0

 

The current ASA 5510 has the following static routes

outside 0.0.0.0 0.0.0.0 (to our ISP assigned public IP) 1

inside 192.168.9.0 255.255.255.0 192.168.5.5 1

 

This works with no issues. Guest VLAN has access to the internet

 

Now I’m working with a replacement ASA 5508-X (9.7) with firepower

 

I configured the ASA to match the existing ASA 5510 and everything works except the VLAN 192.168.9.0

 

When I try to configure the same static route inside 192.168.9.0 255.255.255.0 192.168.5.5 I get the following error:

 

[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1

Invalid next hop address 192.168.5.5 it matches our IP address

 

What am I missing here. Is there a change between the 2 ASA versions and this is now done another way? Any insight would be appreciated. Thanks.

Everyone's tags (2)
3 REPLIES 3
VIP Advisor

Re: ASA Static Route Question

[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1

Invalid next hop address 192.168.5.5 it matches our IP address

 

If the ASA has 192.168.5.5  <-- what is the reason of routing to same interface.

you need to route this network to Switch IP

 

or post old and new config, also give Switch IP address and config ?

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ASA Static Route Question

Thanks for the reply.

 

I have to route to the interface that connects to the internet which is the ASA at 192.168.5.5.

 

The 3850 switch has multiple VLANs with IP routing enabled.

The VLAN that works with the new ASA 5508-X is 192.168.5.0 gateway IP is 192.168.5.1

VLAN 192.168.9.0 does not get to the internet via ASA at 192.168.5.5 since I cannot configure a static route as I did on the ASA 5510.

VIP Advisor

Re: ASA Static Route Question

As per the orginal post you are looking to replace old with new kit.

 

Since we do not know what is inside interface config and  what is outside config ? that is reason requested below information :

 

post old and new config, also give Switch IP address and config ?

 

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards