My ASA is not installing dynamic routes into its routing table.

Aug 11th, 2007

Our border router is sending a default route only but our ASA is not learning the route. We have run debugs and we have verified that it is being seen by the ASA but the route is not being installed in the routing table. Any ideas?

JORGE RODRIGUEZ Sun, 08/12/2007 - 09:47

John, it is hard to tell without seeing the configs between the ASA and the border router. Please post the configs for the forum to see and help.

johnsos Sun, 08/12/2007 - 19:45

Oops, here is my config; hope it is enough. It also shows the debug for both the border router and the ASA.

Border Router RIP Config

!
!
router rip
 version 2
 redistribute bgp 65002 metric 1 route-map DEFAULT_ONLY
 passive-interface ATM1/0.1
 passive-interface ATM1/0.2
 passive-interface GigabitEthernet2/0
 network 192.168.200.0
!
!
route-map DEFAULT_ONLY permit 10
 match ip address 10
!
access-list 10 permit 0.0.0.0

debug on border router

Aug 12 22:27:59.731 cdt: RIP-DB: redist 0.0.0.0/0(metric 0) to RIP
Aug 12 22:27:59.731 cdt: RIP-DB: adding 0.0.0.0/0 (metric 1) via 204.147.83.189 on GigabitEthernet2/0 to RIP database
Aug 12 22:28:10.615 cdt: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.200.49)
Aug 12 22:28:10.615 cdt: RIP: Update contains 1 routes
Aug 12 22:28:10.615 cdt: RIP: Update queued
Aug 12 22:28:10.615 cdt: RIP: Update sent via FastEthernet0/0

ASA config

router rip
 network 192.168.200.0
 passive-interface dmz1
 passive-interface inside
 passive-interface intersite
 version 2
 no auto-summary
!

debug on ASA:

RIP: received v2 update from park-scrn-rtr-i on outside
 0.0.0.0 0.0.0.0 via 0.0.0.0 in 1 hops
RIP: Update contains 1 routes

!
route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 99
route intersite 0.0.0.0 0.0.0.0 172.31.254.242 100

access-list outside_access_in extended permit udp any eq rip interface outside eq rip
access-list outside_access_in extended permit udp any eq rip host ASA-1-Outside-Int eq rip

srue Sun, 08/12/2007 - 20:01

You already have two default routes on your ASA device, both with administrative distances lower than RIP.

Can you explain what you're trying to accomplish?

johnsos Sun, 08/12/2007 - 20:06

Notice the metric though. As soon as the dynamic RIP route shows up with a metric of 1 it should in theory take over or trump these routes. It worked that way with the PIX anyway. So I'm making some assumptions.

srue Sun, 08/12/2007 - 20:08

A metric is different than administrative distance. The assigned RIP metric doesn't matter because the other default routes with lower ADs are matched first in the selection process to see which routes go into the routing table.

johnsos Sun, 08/12/2007 - 20:31

OK, it must have worked a bit differently than how we had it in the PIX. Or I probably looked at it incorrectly; I will have to look at the config for the PIX again.

What I did was move both static defaults (what the ASA calls METRIC in ASDM under Configuration, Device Setup, Static Routes) to 122 and 121, and then I started learning the route from RIP. I verified this by going to Monitoring, Routing, Routes; here it does show both AD/Metric, which makes sense to me. The ASDM GUI was making me question METRIC. They should probably change this in the GUI. Working now. Thanks for your help.
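
The selection order srue describes, worked through on the routes posted in this thread, as an added example that is not part of any poster's message and not Cisco code. It assumes RIP's Cisco default administrative distance of 120; which static route received 121 and which 122 is an assumption (the thread does not say), and `Candidate`, `parse_static` and `install` are hypothetical names.

```python
from dataclasses import dataclass

RIP_AD = 120  # Cisco default administrative distance for RIP
DEFAULT = "0.0.0.0 0.0.0.0"

@dataclass(frozen=True)
class Candidate:            # hypothetical model of one route offered to the table
    source: str             # "static" or "rip"
    prefix: str             # "<dest> <mask>"
    via: str
    ad: int                 # administrative distance: compared across sources
    metric: int = 0         # protocol metric: only meaningful within one source

def parse_static(line):
    """Parse an ASA 'route <if> <dest> <mask> <gateway> <distance>' line."""
    keyword, ifname, dest, mask, gateway, distance = line.split()
    if keyword != "route":
        raise ValueError(f"not a static route: {line!r}")
    return Candidate("static", f"{dest} {mask}", f"{gateway} on {ifname}", int(distance))

def install(candidates, prefix=DEFAULT):
    """Pick the route that gets installed: lowest AD first, metric only as tie-break."""
    pool = [c for c in candidates if c.prefix == prefix]
    return min(pool, key=lambda c: (c.ad, c.metric)) if pool else None

# The RIP default seen in the ASA debug: metric 1 hop, protocol AD 120.
RIP_DEFAULT = Candidate("rip", DEFAULT, "park-scrn-rtr-i on outside", RIP_AD, metric=1)

# Static routes as posted (distances 99 and 100).
BEFORE = [
    parse_static("route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 99"),
    parse_static("route intersite 0.0.0.0 0.0.0.0 172.31.254.242 100"),
    RIP_DEFAULT,
]
# After the fix: distances 121 and 122 (which route got which is assumed).
AFTER = [
    parse_static("route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 121"),
    parse_static("route intersite 0.0.0.0 0.0.0.0 172.31.254.242 122"),
    RIP_DEFAULT,
]
# Floating-static behaviour: what remains if the RIP route is withdrawn.
AFTER_RIP_LOST = [c for c in AFTER if c.source != "rip"]

if __name__ == "__main__":
    for name, table in [("before", BEFORE), ("after", AFTER), ("rip lost", AFTER_RIP_LOST)]:
        best = install(table)
        print(f"{name:9} -> {best.source:6} AD {best.ad:3} metric {best.metric} via {best.via}")
```

With the statics above 120 they act as fallbacks: the RIP default is installed while it is being received, and the lowest-distance static takes over if it is withdrawn.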
