Hi Jon,

Sorry I do not know what I was doing, this other guy from my other post told me to add them as statics on both devices.

What should I delete? and from which device?

John

John

I am just reading up on that post as we speak.

Edison is very good so i'm trying to follow the logic of why you decided to add them to both devices. If the ASA and the SonicWall were on the same internal subnet i could understand it but they aren't.

Basically which routes are used in the routing table depends on something called AD (Administrative Distance). Static routes have a much better AD than RIP routes so that that is why you don't see the RIP routes in the ASA routing table.

if you wanted to see the SonicWall routes as RIP on the ASA then you would need to remove the static entries on the ASA for the SonicWall subnets. Then the RIP advertisements for the same routes coming from the L3 switch would be installed on the routing table on the ASA.

Let me have a read of that post and see what the logic of it is.

Jon

Edison was a big help, but it was probably me lack of knowledge.... I thought the Sonicwall routes had to be set statically on each device b/c RIP could not transfer them between the two.

I can start removing the static from the ASA....

It would be perfect if RIP can handle the sonicwall tunnel routes (192.168.102.0) from the L3.

John

John

Okay, i've had a read but it's still not clear. Edison suggested what i was suggesting 3 times but i think because you kept questioning he just decided you should go with statics. Not sure really.

Basically the misunderstanding seems to be coming as to where you need statics.

If you are redistributing statics into a dynamic routing protocol you only need to configure the statics on one device and then redistribute that into the dynamic routing protocol on the same device. Every other device simply receives these routes as RIP routes (providing you are exchanging RIP routes)

If you configure statics on both the ASA and the L3 switch for the SonicWall subnets then there is no need for RIP other than to exchange the subnets attached to the ASA and the L3 switch.

If you configure the statics only on the L3 switch and redistribute into RIP then you don't need to configure any statics on the ASA for the SonicWall subnets.

Note on the SonicWall you obviously need statics for any subnets on the L3 switch/ASA that the SonicWall needs to get to.

Either way will work ie. statics everywhere or statics on just the SonicWall and L3 switch and then RIP between the L3 switch and the ASA.

Jon

Hi Jon,

I cleaned up my static routes on my ASA. I dont know what I should do next. Should I go to my L3 and redistribute?

Here is my Show Route from my ASA:

ciscodemo(config)# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is 173.xxx.xx.65 to network 0.0.0.0

C    192.168.210.0 255.255.255.0 is directly connected, inside

S    192.168.210.100 255.255.255.255 [1/0] via 173.xxx.xx.65, outside

C    173.xxx.xx.64 255.255.255.224 is directly connected, outside

C    192.168.220.0 255.255.255.0 is directly connected, DMZ

S*   0.0.0.0 0.0.0.0 [1/0] via 173.xxx.xx.65, outside

ciscodemo(config)#

John

According to your config you already are redistributing statics on the L3 switch aren't you ?

It can take a bit for the updates to get sent out, can you check "sh route" again on the ASA ?

Jon

Hi Jon,

Still not showing on the ASA.

The 10.10.10.0, 192.168.202.0 and the 192.168.200.0 networks are not connected to my L3 yet, I am still mapping out everything getting ready to cut over.

Does this affect RIP and what it will transfer to the ASA? But it would not explain why the static routes are not transfering to the ASA.

John

okay thanks jon,

I will have to wait to cut over for the static and the other routes to show.

I will have to wait, at least I can see the DMZ route showing up on my L3 switch.

Thanks again.

John

John

No problem. If you connect it all up and RIP isn't working don't forget you can use statics on the ASA and then troubleshoot..

Jon