Showing results for 
Search instead for 
Did you mean: 

Cisco Community Designated VIP Class of 2020


Single route to external network through ASA and redistribute

OK, so we have a network where we do not default route through the ASA's to the internet, but set static routes for the few networks we need to connect to. We have a DMZ to handle all the external connectivity and users access the internet via a proxy filtering solution, so this is effective for us. The ASA's are the only devices with default routes to the internet side, like this: route outside 0 0 <netxt hop>

We would like to reduce some administration and redistribute these routes into our EIGRP process.

If I've got:

(buch of other EIGRP devices)------------(router)---------------(layer3switch)---------(ASA) - - - - - - - - internet


My internal network is and I want a route to to the internet via the ASA on all the network gear from the layer3switch to the rest of the inside gear, how do I effectivly do that?

With the default route on the ASA (and NAT/ACL config), the ASA knows what to do with the traffic when it comes in on the internal interface.

If a static route is set on the layer3 switch and the route is redistributed, the ASA will also get the route from the routing protocol and attempt send that incoming traffic to its own internal interface, causing what is essentially a hairpining loop.

For example from the ASA (this is for this example):


           [170/261120] via, 0:54:34, inside

from the layer3switch (this is is subnetted, 1 subnets

S[1/0] via

Would I set a route on the ASA and redistribute from there? If so, what would that look like?

Do I filter the route to the ASA with a route map or some other mechanism on the layer3 switch?


CreatePlease to create content
Content for Community-Ad