Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
516
Views
0
Helpful
5
Replies

Can i point default gateway to the north of Firewall? Recommend?

Go to solution
aannuupp1
Level 1
Level 1

‎06-16-2022 12:18 PM

WIN_20220616_14_17_02_Pro.jpg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎06-16-2022 01:57 PM - edited ‎06-16-2022 11:35 PM

Hello
looking at your topology i would say the default route should point to the asa as most probably that is the gateway for external network traffic.

 

By the way the default does not have to be a connected or next hop ip/interface sometimes it can be a recursive static default which isn’t one of the above - it can be a next hop ip address related to another route existing in the route table  so for traffic to reach its destination via a recursive route the rtr will lookup the recursive nexthop ip address and find another route that will then be used to forward the destination traffic.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-16-2022 12:23 PM

is this switch acting as Layer 2 ?

 

If the firewall is HA mode you should have VIP IP, so you can point to that IP address.

 

example :

 

https://www.networkstraining.com/cisco-asa-active-standby-configuration/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
aannuupp1
Level 1
Level 1
In response to balaji.bandi

‎06-16-2022 12:33 PM

The switch has SVI ip address

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎06-16-2022 12:34 PM - edited ‎06-16-2022 12:41 PM

if the north is active ASA then Yes you can.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎06-16-2022 12:36 PM

Hello,

 

the short answer is: no. The default gateway (or default route) needs to point to a next hop address. So 10.61.10.1 will not work.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎06-16-2022 01:57 PM - edited ‎06-16-2022 11:35 PM

Hello
looking at your topology i would say the default route should point to the asa as most probably that is the gateway for external network traffic.

 

By the way the default does not have to be a connected or next hop ip/interface sometimes it can be a recursive static default which isn’t one of the above - it can be a next hop ip address related to another route existing in the route table  so for traffic to reach its destination via a recursive route the rtr will lookup the recursive nexthop ip address and find another route that will then be used to forward the destination traffic.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card