Problem with route on ASA

Unanswered Question
May 27th, 2008

Dear all,

I would like to ask you about routing on ASA 5520.When i add command route on ASA it show message like this.

ASA(config)# route online 0.0.0.0 0.0.0.0 10.189.133.65

ERROR: Cannot add route entry, conflict with existing routes

I cannot find conflict route.

Best Regards,

Rechard_HK

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 05/28/2008 - 10:58

The conflicting route is

route outside 0.0.0.0 0.0.0.0 10.200.15.221 1

You cannot add 2 default routes. You can enter a more specific route eg.

route online 172.16.0.0 255.255.0.0 10.189.133.65

Note - the above is just an example. But you cannot have 2 entries for the same route ie.

0.0.0.0 0.0.0.0

Jon

rechard_hk Wed, 05/28/2008 - 17:26

Dear Jon,

You mean on ASA not allow use many default route, right?Is it can use only one default route?this is the rule right?

Best Regards,

Rechard_hk

Jon Marshall Wed, 05/28/2008 - 23:36

Rechard

Apologies i should have been more specific. You can multiple default-routes with the same cost but they must go out the same interface - see link for more details:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ip.html#wp1047894

You can also have 2 default-routes with unequal cost ie.

route outside 0.0.0.0 0.0.0.0 10.200.15.221 1

You could then add your other default route with an admin distance higher than 1

route online 0.0.0.0 0.0.0.0 10.189.133.65 2

Note the number at the end of the route statements ie. 1 in your first statement and 2 in the second statement. The ASA will always use the route with an AD of 1.

Jon

rechard_hk Thu, 05/29/2008 - 17:42

Dear Jon,

Thanks you for your help,

Could i ask you one more question?

i would like to continuous as question above so i had ASA 5520 and i did configure VPN site to site. interface gi0/0 is outside, g0/1 is inside and gi 0/2 is online.

Interface outside and Online for VPN interface. so we i configure already is ok, but next to day it doesn't work( i mean it ont stable).Could you help me to check configuration on ASA as in the attach file.

Best Regards,

Rechard_HK

Actions

This Discussion