Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7694
Views
0
Helpful
10
Replies

Problem with route on ASA

rechard_hk
Level 1
Level 1

‎05-27-2008 06:35 PM

Dear all,

I would like to ask you about routing on ASA 5520.When i add command route on ASA it show message like this.

ASA(config)# route online 0.0.0.0 0.0.0.0 10.189.133.65

ERROR: Cannot add route entry, conflict with existing routes

I cannot find conflict route.

Best Regards,

Rechard_HK

1 person had this problem
Labels:
0 Helpful
10 Replies 10

Jon Marshall
Hall of Fame
Hall of Fame

‎05-27-2008 08:14 PM

Rechard

Could you post the ASA routing table please ?

Jon

0 Helpful

rechard_hk
Level 1
Level 1
In response to Jon Marshall

‎05-28-2008 12:17 AM

Dear Jon,

This is configuration.

Please see in the attach file.

Best Regards,

Rechard_hk

Preview file
4 KB
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎05-28-2008 10:58 AM

The conflicting route is

route outside 0.0.0.0 0.0.0.0 10.200.15.221 1

You cannot add 2 default routes. You can enter a more specific route eg.

route online 172.16.0.0 255.255.0.0 10.189.133.65

Note - the above is just an example. But you cannot have 2 entries for the same route ie.

0.0.0.0 0.0.0.0

Jon

0 Helpful

rechard_hk
Level 1
Level 1
In response to Jon Marshall

‎05-28-2008 05:26 PM

Dear Jon,

You mean on ASA not allow use many default route, right?Is it can use only one default route?this is the rule right?

Best Regards,

Rechard_hk

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to rechard_hk

‎05-28-2008 11:36 PM

Rechard

Apologies i should have been more specific. You can multiple default-routes with the same cost but they must go out the same interface - see link for more details:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ip.html#wp1047894

You can also have 2 default-routes with unequal cost ie.

route outside 0.0.0.0 0.0.0.0 10.200.15.221 1

You could then add your other default route with an admin distance higher than 1

route online 0.0.0.0 0.0.0.0 10.189.133.65 2

Note the number at the end of the route statements ie. 1 in your first statement and 2 in the second statement. The ASA will always use the route with an AD of 1.

Jon

0 Helpful

rechard_hk
Level 1
Level 1
In response to Jon Marshall

‎05-29-2008 05:42 PM

Dear Jon,

Thanks you for your help,

Could i ask you one more question?

i would like to continuous as question above so i had ASA 5520 and i did configure VPN site to site. interface gi0/0 is outside, g0/1 is inside and gi 0/2 is online.

Interface outside and Online for VPN interface. so we i configure already is ok, but next to day it doesn't work( i mean it ont stable).Could you help me to check configuration on ASA as in the attach file.

Best Regards,

Rechard_HK

Preview file
4 KB
0 Helpful

MMG
Level 1
Level 1

‎07-13-2018 07:39 AM

Hi there

I am currently facing the same problem. 

I went through all answers but I really don't get exactly what  should I do as to rectify this problem

0 Helpful

rasmus.elmholt
Level 7
Level 7
In response to MMG

‎08-09-2019 07:27 PM

Hi MMG

The problem is that it is not possible to create two identical routes(the default route/0.0.0.0/0) with the same administrativ Distance out of two different interfaces(outside & online) in this scenario.
The ASA does not support ECMP(Equal cost multi-pathing) across multiple interfaces
0 Helpful

cmuamb
Level 1
Level 1

‎10-18-2023 09:59 AM

Hi Team

I'm coming in this chat with the same issue.
I have two ISP and I would like to create two separate routes with my ASA5515
Any help from you

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to cmuamb

‎10-18-2023 10:01 AM

Make new post for your issue 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents