Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1586
Views
4
Helpful
1
Replies

Multiple routes to same subnet

Go to solution
Mokhalil82
Level 4
Level 4

‎05-27-2015 12:57 PM - edited ‎03-08-2019 12:13 AM

Hi

I have an ASA connected to my core switch with 2 cables, one from the inside interface and the other for management. The asa has a route to my internal networks via the inside interface. Now I can ping my inside interface from all my internal networks but I can only ping my management interface from a vm or hosts in my management subnet and not from other subnets unless i insert a route on my asa pointing inside via my management link.

 

Just wondering how can I configure both routes so that all my internal subnets can get to my inside interface and management interface

 

Thanks

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-28-2015 10:05 AM

The short answer is you can't add the same routes via different interfaces because the ASA does not support VRFs so you cannot put the management interface into it's own VRF and give it a separate set of routes.

This is why a lot of people simply manage the ASA via it's inside interface.

Unless you only manage the ASA from a specific IP subnet that is only used for management you are not going to be able to do this.

Another alternative is to use contexts ie. you could use a separate context for management only and this would allow you to add routes.

Finally if you have L3 switches that support NAT then you could possibly NAT the source IPs based on the destination IP of the management interface and then return traffic would be sent back via the management interface.

So the L3 switch would have an SVI from the same IP subnet as the management interface and you setup NAT so that any source IPs to the management interface were translated to the SVI IP address on the switch.

Then traffic would automatically be sent back via the management interface.

Jon

View solution in original post

1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-28-2015 10:05 AM

The short answer is you can't add the same routes via different interfaces because the ASA does not support VRFs so you cannot put the management interface into it's own VRF and give it a separate set of routes.

This is why a lot of people simply manage the ASA via it's inside interface.

Unless you only manage the ASA from a specific IP subnet that is only used for management you are not going to be able to do this.

Another alternative is to use contexts ie. you could use a separate context for management only and this would allow you to add routes.

Finally if you have L3 switches that support NAT then you could possibly NAT the source IPs based on the destination IP of the management interface and then return traffic would be sent back via the management interface.

So the L3 switch would have an SVI from the same IP subnet as the management interface and you setup NAT so that any source IPs to the management interface were translated to the SVI IP address on the switch.

Then traffic would automatically be sent back via the management interface.

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card