Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
4
Helpful
5
Replies

No Route even as there is a static route

lemmy1234
Level 1
Level 1

‎02-22-2007 12:25 AM - edited ‎03-09-2019 05:27 PM

Hi there,

there is a PIX 525 with 7.2(2) running.

The following issue occured:

- suddenly the PIX cannot find a route to one specific host

- There is a static route to the net in which the host resides.

- The hosts one figure above and below are reachable (cannot reache x.x.x.243 but x.x.x.244 and 242).

- The specific host is only from one single interface unreacheable, from the others it can be reached.

- The connection/routing works for a day and suddenly the routing fails.

- There is also ospf running on this machine (as a ASBR).

Is there a bug in the IOS?

Does static routing and ospf not work together?

What can I do to get closer to the cause or how can the issue be resolved?

Thanks in advance

Labels:
0 Helpful
5 Replies 5

IWAN HOOGENDOORN
Level 1
Level 1

‎02-22-2007 02:14 AM

Hi,

Do you have natting configured?

#########################################

#If you found this post usefull

#please don't forget to rate this

#########################################

#Iwan Hoogendoorn

#CCIE#13084

#########################################

0 Helpful

lemmy1234
Level 1
Level 1
In response to IWAN HOOGENDOORN

‎02-22-2007 03:28 AM

Historicaly there is static NAT configured. The source ip stays the same on the translated interface.

In the new IOS there is additionaly "enable traffic through the firewall without NAT" enabled.

In the firewall log is the following entry:

%PIX-6-110001: No route to x.x.x.243 from x.x.x.x

Before the issue occured the first time no changes have been made on routing (except ospf dynamic entries) or natting.

0 Helpful

IWAN HOOGENDOORN
Level 1
Level 1
In response to lemmy1234

‎02-22-2007 03:58 AM

Hi,

Can you send a output of you "sh route" Thanks,

#########################################

#If you find this post usefull

#please don't forget to rate this

#########################################

#Iwan Hoogendoorn

#CCIE#13084

#########################################

0 Helpful

lemmy1234
Level 1
Level 1
In response to IWAN HOOGENDOORN

‎02-22-2007 04:46 AM

Hi,

thank you for your reply.

Unfortunatelly the routing table is too long

to post here and I am also not allowed to post it.

The host which is not reachable is in the same static route included like the hosts which can be reached (even in the case of failure).

The route is during the failure still in the routing table and other host have to use the entry (because I can get them via ping).

By the way currently is all working - no failure. So I suppose that there is currently no misconfiguration visible.

The problem occurs "suddenly" and vanishes as soon as I reload the machine.

Can you tell me on which things I shoud have a look on - especially if the failure occurs?

0 Helpful

IWAN HOOGENDOORN
Level 1
Level 1
In response to lemmy1234

‎02-22-2007 04:51 AM

Hi,

Look at the administrative distance of the route ... maybe OSPF is cousing a second route to the same path ...

If it occurs sometimes it might be the OSPF routingupdates

check the uplates frequantly and see if a OSPF route times out (dead timer) and is advertised again ...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents