My ASA is not installing dynamic routes into its routing table.

johnsos
Level 1

Our border router is sending a default route only but our ASA is not learning the route. We have run debugs and we have verified that it is being seen by the ASA but the route is not being installed in the routing table. Any ideas?

6 Replies

JORGE RODRIGUEZ
Level 10

John, it is hard to tell without seeing the configs between the ASA and border router. Please post configs for the forum to see and help.

Jorge Rodriguez

johnsos
Level 1

Oops, here is my config; hope it is enough. It also shows the debug for both the border router and the ASA.

Border Router RIP Config

!

!

router rip

version 2

redistribute bgp 65002 metric 1 route-map DEFAULT_ONLY

passive-interface ATM1/0.1

passive-interface ATM1/0.2

passive-interface GigabitEthernet2/0

network 192.168.200.0

!

!

route-map DEFAULT_ONLY permit 10

match ip address 10

!

access-list 10 permit 0.0.0.0

debug on border router

Aug 12 22:27:59.731 cdt: RIP-DB: redist 0.0.0.0/0(metric 0) to RIP

Aug 12 22:27:59.731 cdt: RIP-DB: adding 0.0.0.0/0 (metric 1) via 204.147.83.189 on GigabitEthernet2/0 to RIP database

Aug 12 22:28:10.615 cdt: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.200.49)

Aug 12 22:28:10.615 cdt: RIP: Update contains 1 routes

Aug 12 22:28:10.615 cdt: RIP: Update queued

Aug 12 22:28:10.615 cdt: RIP: Update sent via FastEthernet0/0

ASA config

router rip

network 192.168.200.0

passive-interface dmz1

passive-interface inside

passive-interface intersite

version 2

no auto-summary

!

debug on ASA:

RIP: received v2 update from park-scrn-rtr-i on outside

0.0.0.00.0.0.0 via 0.0.0.0 in 1 hops

RIP: Update contains 1 routes

!

route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 99

route intersite 0.0.0.0 0.0.0.0 172.31.254.242 100

access-list outside_access_in extended permit udp any eq rip interface outside eq rip

access-list outside_access_in extended permit udp any eq rip host ASA-1-Outside-Int eq rip

You already have two default routes on your ASA device, both with administrative distances lower than RIP.

Can you explain what you're trying to accomplish?

johnsos
Level 1

Notice the metric though. As soon as the dynamic RIP route shows up with a metric of 1 it should in theory take over or trump these routes. It worked that way with the PIX anyway. So I'm making some assumptions.

A metric is different than administrative distance. The assigned RIP metric doesn't matter because the other default routes with lower ADs are matched first in the selection process to see which routes go into the routing table.

OK, it must have worked a bit differently than how we had it in the PIX. Or I probably looked at it incorrectly; I will have to look at the config for the PIX again.

What I did was move both static defaults to what the ASA calls METRIC in ASDM (under Configuration, Device Setup, Static Routes), to 122 and 121, and then I started learning the route from RIP. I verified this by going to Monitoring, Routing, Routes; here it does show both AD/Metric, which makes sense to me. The ASDM GUI was making me question METRIC. They should probably change this in the GUI. Working now. Thanks for your help.
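Added example (not code from the thread or from Cisco): a small Python model of the selection rule discussed above, lowest administrative distance first with the metric only as a tie-breaker, run against the thread's two static defaults. The `AFTER` config assumes which static route received 121 and which 122, and the RIP candidate is constructed from the ASA debug output.

```python
import re

RIP_AD = 120                      # Cisco default administrative distance for RIP
DEFAULT = ("0.0.0.0", "0.0.0.0")  # network, mask

# Simplified ASA syntax: route <if> <network> <mask> <gateway> [distance]
ROUTE_RE = re.compile(r"route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?")

def parse_static_routes(config):
    """Turn ASA 'route' lines into candidates; a missing distance means AD 1."""
    routes = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            iface, net, mask, gw, dist = m.groups()
            routes.append({"source": "static", "prefix": (net, mask), "iface": iface,
                           "next_hop": gw, "ad": int(dist) if dist else 1, "metric": 0})
    return routes

def best_route(candidates, prefix):
    """Lowest AD wins; the metric only breaks ties between equal ADs."""
    same = [r for r in candidates if r["prefix"] == prefix]
    return min(same, key=lambda r: (r["ad"], r["metric"])) if same else None

def masking_statics(candidates, prefix, dynamic_ad=RIP_AD):
    """Static routes whose AD is below the dynamic protocol's, hiding its route."""
    return [r for r in candidates
            if r["source"] == "static" and r["prefix"] == prefix and r["ad"] < dynamic_ad]

# Constructed from the ASA debug output: default route learned via RIP, 1 hop.
RIP_DEFAULT = {"source": "rip", "prefix": DEFAULT, "iface": "outside",
               "next_hop": "park-scrn-rtr-i", "ad": RIP_AD, "metric": 1}

BEFORE = """route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 99
route intersite 0.0.0.0 0.0.0.0 172.31.254.242 100"""
# Assumption: the thread gives "122 and 121" without saying which route got which.
AFTER = """route outside 0.0.0.0 0.0.0.0 park-scrn-rtr-i 121
route intersite 0.0.0.0 0.0.0.0 172.31.254.242 122"""

def installed_default(config):
    """Default route that ends up in the routing table for a given static config."""
    return best_route(parse_static_routes(config) + [RIP_DEFAULT], DEFAULT)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        r = installed_default(cfg)
        hidden = len(masking_statics(parse_static_routes(cfg), DEFAULT))
        print(f"{name}: {r['source']} [{r['ad']}/{r['metric']}], statics masking RIP: {hidden}")
```

With the distances raised above 120, the static defaults remain configured as floating backups that take over only if the RIP route is withdrawn.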
