Problem with route on ASA

Unanswered Question
May 27th, 2008

Dear all,


I would like to ask you about routing on ASA 5520.When i add command route on ASA it show message like this.

ASA(config)# route online 0.0.0.0 0.0.0.0 10.189.133.65

ERROR: Cannot add route entry, conflict with existing routes


I cannot find conflict route.


Best Regards,

Rechard_HK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 05/28/2008 - 10:58

The conflicting route is


route outside 0.0.0.0 0.0.0.0 10.200.15.221 1


You cannot add 2 default routes. You can enter a more specific route eg.


route online 172.16.0.0 255.255.0.0 10.189.133.65


Note - the above is just an example. But you cannot have 2 entries for the same route ie.


0.0.0.0 0.0.0.0


Jon

rechard_hk Wed, 05/28/2008 - 17:26

Dear Jon,


You mean on ASA not allow use many default route, right?Is it can use only one default route?this is the rule right?


Best Regards,

Rechard_hk

Jon Marshall Wed, 05/28/2008 - 23:36

Rechard


Apologies i should have been more specific. You can multiple default-routes with the same cost but they must go out the same interface - see link for more details:


http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ip.html#wp1047894


You can also have 2 default-routes with unequal cost ie.


route outside 0.0.0.0 0.0.0.0 10.200.15.221 1



You could then add your other default route with an admin distance higher than 1


route online 0.0.0.0 0.0.0.0 10.189.133.65 2


Note the number at the end of the route statements ie. 1 in your first statement and 2 in the second statement. The ASA will always use the route with an AD of 1.


Jon



rechard_hk Thu, 05/29/2008 - 17:42

Dear Jon,


Thanks you for your help,

Could i ask you one more question?

i would like to continuous as question above so i had ASA 5520 and i did configure VPN site to site. interface gi0/0 is outside, g0/1 is inside and gi 0/2 is online.

Interface outside and Online for VPN interface. so we i configure already is ok, but next to day it doesn't work( i mean it ont stable).Could you help me to check configuration on ASA as in the attach file.

Best Regards,

Rechard_HK



Actions

This Discussion