05-07-2019 11:27 AM
Hi All, Looking for some assistance with an ASA routing issue.
Some background:
Network consists of a 3850 stack with multiple VLANs and is configured as the default gateway for all VLANs. The main workstation VLAN is 192.168.5.0 with an old ASA 5510 (8.2) connected at 192.168.5.5.
3850 gateway of last resort is 192.168.5.5 to network 0.0.0.0
3850 has a guest VLAN 192.168.9.0
The current ASA 5510 has the following static routes
outside 0.0.0.0 0.0.0.0 (to our ISP assigned public IP) 1
inside 192.168.9.0 255.255.255.0 192.168.5.5 1
This works with no issues. Guest VLAN has access to the internet.
Now I’m working with a replacement ASA 5508-X (9.7) with Firepower.
I configured the ASA to match the existing ASA 5510 and everything works except the VLAN 192.168.9.0.
When I try to configure the same static route inside 192.168.9.0 255.255.255.0 192.168.5.5 I get the following error:
[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1
Invalid next hop address 192.168.5.5 it matches our IP address
What am I missing here? Is there a change between the 2 ASA versions and this is now done another way? Any insight would be appreciated. Thanks.
05-07-2019 11:58 AM
[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1
Invalid next hop address 192.168.5.5 it matches our IP address
If the ASA has 192.168.5.5, what is the reason for routing to the same interface?
You need to route this network to the switch IP.
Or post the old and new config, and also give the switch IP address and config.
05-07-2019 12:57 PM
Thanks for the reply.
I have to route to the interface that connects to the internet which is the ASA at 192.168.5.5.
The 3850 switch has multiple VLANs with IP routing enabled.
The VLAN that works with the new ASA 5508-X is 192.168.5.0; gateway IP is 192.168.5.1.
VLAN 192.168.9.0 does not get to the internet via ASA at 192.168.5.5 since I cannot configure a static route as I did on the ASA 5510.
05-07-2019 11:00 PM
As per the original post, you are looking to replace old with new kit.
Since we do not know what the inside interface config and the outside config are, that is the reason I requested the information below:
Post the old and new config, and also give the switch IP address and config.
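An added example, not part of the thread or anyone's posted config: a small pre-migration lint that flags static routes whose next hop is the firewall's own interface address, the condition named in the error above. The sample config is constructed; the /24 inside mask, the outside addressing (documentation range) and the interface names are assumptions, and the connected-subnet check is an extra sanity test, not something the thread reports the ASA enforcing.

```python
import ipaddress

# Constructed sample. Only 192.168.5.5 (ASA inside), 192.168.5.1 (switch gateway)
# and 192.168.9.0/24 come from the thread; everything else is assumed.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet1/2
 nameif inside
 ip address 192.168.5.5 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 192.168.9.0 255.255.255.0 192.168.5.5 1
route inside 192.168.9.0 255.255.255.0 192.168.5.1 1
"""

def parse_interfaces(config):
    """Map nameif -> IPv4Interface from 'nameif' / 'ip address' lines."""
    interfaces, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None  # new interface stanza, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) == 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            interfaces[name] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}")
    return interfaces

def check_routes(config):
    """Return (route line, verdict) for every static route in the config."""
    interfaces = parse_interfaces(config)
    results = []
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["route"] or len(words) < 5:
            continue
        iface = interfaces.get(words[1])
        next_hop = ipaddress.IPv4Address(words[4])
        if iface is None:
            verdict = "unknown interface"
        elif next_hop == iface.ip:
            verdict = "next hop is the ASA's own address"
        elif next_hop not in iface.network:
            verdict = "next hop not on connected subnet"
        else:
            verdict = "ok"
        results.append((line.strip(), verdict))
    return results
```

Calling `check_routes(SAMPLE_CONFIG)` returns one verdict per `route` line, so the same function can be pointed at a config being carried over from older hardware.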