ASA Static Route Question

ittechcisco
Level 1

Hi All, Looking for some assistance with an ASA routing issue.

Some background:

Network consists of a 3850 stack with multiple VLANs and is configured as the default gateway for all VLANs. The main workstation VLAN is 192.168.5.0 with an old ASA 5510 (8.2) connected at 192.168.5.5.

3850 gateway of last resort is 192.168.5.5 to network 0.0.0.0

3850 has a guest VLAN 192.168.9.0

The current ASA 5510 has the following static routes:

outside 0.0.0.0 0.0.0.0 (to our ISP assigned public IP) 1

inside 192.168.9.0 255.255.255.0 192.168.5.5 1

This works with no issues. Guest VLAN has access to the internet.

Now I’m working with a replacement ASA 5508-X (9.7) with FirePOWER.

I configured the ASA to match the existing ASA 5510 and everything works except the VLAN 192.168.9.0.

When I try to configure the same static route inside 192.168.9.0 255.255.255.0 192.168.5.5 I get the following error:

[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1

Invalid next hop address 192.168.5.5 it matches our IP address

What am I missing here? Is there a change between the 2 ASA versions and this is now done another way? Any insight would be appreciated. Thanks.

3 Replies

balaji.bandi
Hall of Fame

[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1

Invalid next hop address 192.168.5.5 it matches our IP address

If the ASA has 192.168.5.5, what is the reason for routing to the same interface?

You need to route this network to the switch IP,

or post the old and new config, and also give the switch IP address and config.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for the reply.

I have to route to the interface that connects to the internet, which is the ASA at 192.168.5.5.

The 3850 switch has multiple VLANs with IP routing enabled.

The VLAN that works with the new ASA 5508-X is 192.168.5.0; gateway IP is 192.168.5.1.

VLAN 192.168.9.0 does not get to the internet via the ASA at 192.168.5.5 since I cannot configure a static route as I did on the ASA 5510.

As per the original post you are looking to replace old with new kit.

Since we do not know what the inside interface config is and what the outside config is, that is the reason I requested the information below:

Post the old and new config, and also give the switch IP address and config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
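
An added example, not part of any post in this thread: a small Python pre-check for ASA-style `route` statements that flags a next hop equal to the firewall's own interface address, the condition named in the error quoted above. The inside address 192.168.5.5 and the switch address 192.168.5.1 come from the posts; the /24 mask, the `INTERFACES` table and the `check_route` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed from the thread: the ASA's inside address. The /24 mask is an assumption.
INTERFACES = {"inside": ipaddress.ip_interface("192.168.5.5/24")}


def check_route(line, interfaces=INTERFACES):
    """Return a list of problems for 'route <if> <net> <mask> <next-hop> [metric]'."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        return ["not a static route statement"]
    ifname, net, mask, hop = parts[1:5]
    if ifname not in interfaces:
        return [f"unknown interface {ifname}"]
    try:
        # strict parsing: a destination with host bits set is rejected
        ipaddress.ip_network(f"{net}/{mask}")
        next_hop = ipaddress.ip_address(hop)
    except ValueError as exc:
        return [f"bad address: {exc}"]
    iface = interfaces[ifname]
    problems = []
    if next_hop == iface.ip:
        # the case from the thread: the route points back at the firewall itself
        problems.append(f"next hop {next_hop} is the {ifname} interface's own address")
    elif next_hop not in iface.network:
        # a next hop must be reachable on the subnet attached to that interface
        problems.append(f"next hop {next_hop} is not on {iface.network}")
    return problems


if __name__ == "__main__":
    # Constructed sample lines: the rejected route, and the same route via the switch.
    for sample in (
        "route inside 192.168.9.0 255.255.255.0 192.168.5.5 1",
        "route inside 192.168.9.0 255.255.255.0 192.168.5.1 1",
    ):
        print(sample, "->", check_route(sample) or "ok")
```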
