My ASA is not installing dynamic routes into its routing table.

Unanswered Question
Aug 11th, 2007
User Badges:

Our border router is sending a default route only but our ASA is not learning the route. We have run debugs and we have verified that it is being seen by the ASA but the route is not being installed in the routing table. Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Sun, 08/12/2007 - 09:47
User Badges:
  • Green, 3000 points or more

John, it is hard to tell without seeing the configs between asa and border router.., please post configs for forum to see and help.

johnsos Sun, 08/12/2007 - 19:45
User Badges:

Ooops here is my config hope it is enough. It also show the debug for both the border router and the ASA.

Border Router RIP Config



router rip

version 2

redistribute bgp 65002 metric 1 route-map DEFAULT_ONLY

passive-interface ATM1/0.1

passive-interface ATM1/0.2

passive-interface GigabitEthernet2/0




route-map DEFAULT_ONLY permit 10

match ip address 10


access-list 10 permit

debug on border router

Aug 12 22:27:59.731 cdt: RIP-DB: redist 0) to RIP

Aug 12 22:27:59.731 cdt: RIP-DB: adding (metric 1) via

on GigabitEthernet2/0 to RIP database

Aug 12 22:28:10.615 cdt: RIP: sending v2 update to via FastEthernet0/0


Aug 12 22:28:10.615 cdt: RIP: Update contains 1 routes

Aug 12 22:28:10.615 cdt: RIP: Update queued

Aug 12 22:28:10.615 cdt: RIP: Update sent via FastEthernet0/0

ASA config

router rip


passive-interface dmz1

passive-interface inside

passive-interface intersite

version 2

no auto-summary


debug on ASA:

RIP: received v2 update from park-scrn-rtr-i on outside via in 1 hops

RIP: Update contains 1 routes


route outside park-scrn-rtr-i 99

route intersite 100

access-list outside_access_in extended permit udp any eq rip interface outside eq rip

access-list outside_access_in extended permit udp any eq rip host ASA-1-Outside-Int eq rip

srue Sun, 08/12/2007 - 20:01
User Badges:
  • Blue, 1500 points or more

you already have two default routes on your asa device, both with administrative distances lower than RIP.

Can you explain what you're trying to accomplish?

johnsos Sun, 08/12/2007 - 20:06
User Badges:

Notice the metric though. As soon as the dynamic rip route shows up with a metric of 1 it should in theory take over or trump these routes. It work that why with the PIX anyway. So I'm making some assumptions.

srue Sun, 08/12/2007 - 20:08
User Badges:
  • Blue, 1500 points or more

a metric is different than administrative distance. The assigned RIP metric doesn't matter be/c the the other default routes with lower AD's are matched first in the selection process to see which routes go into the routing table.

johnsos Sun, 08/12/2007 - 20:31
User Badges:

Ok it must of worked a bit different than how we had it in the pix. Or I probably looked at it incorrectly I will have to look at the config for the pix again.

What I did was moved both static defaults to what the ASA calls METRIC in ASDM under configuration,device setup, static routes to 122 and 121 and then I started learning the route from RIP. Verified this by going to Monitoring, Routing, Routes here it does show both AD/Metric which makes sense to me. The ASDM gui was makeing me question METRIC. They should probably change this in the GUI. Workin now. Thanks for your help.


This Discussion