Static Route entry in asa 5505

Unanswered Question
Jul 19th, 2008
User Badges:

Hello:

I have pre configured a asa 5505 for internet and the problem I am having is when I run show route command my static route statement is missing from screen, even though when I run show conf I can see my default route in the asa configuration. I have deleted and readded the route entry and still no show. Am I missing something? Software version is 7.2(3) and this is brand new asa

If any body seen this problem please let me know, this is holding up the roll out.

Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.alekseev Sat, 07/19/2008 - 13:47
User Badges:
  • Gold, 750 points or more

show the output

sh run

sh route

007goldfinger Sat, 07/19/2008 - 14:31
User Badges:

I have done this, sh run indicates that a

static route exists as default route in my configuration

but when I run sh route the static route does not exist, it only show connected route.

Any idea on this?

007goldfinger Sat, 07/19/2008 - 14:54
User Badges:

I have checked the caveats in 7.2(3) it only shows that directly conencted route will be missing for the route table, exactly reverse of this problem I am having.

Any solution to this?

francisco_1 Sat, 07/19/2008 - 15:02
User Badges:
  • Gold, 750 points or more

have you tried adding the static route using ASDM?

007goldfinger Sat, 07/19/2008 - 15:08
User Badges:

Yes I have tried ASDM, CLI, saving the config

and reload. No luck. This should be a very simple case, adding the route and saving the config. When I attach the asa to the internet I can not go anywhere because of this problem, since there is no default route.

This is amazing so far?

francisco_1 Sat, 07/19/2008 - 15:16
User Badges:
  • Gold, 750 points or more

i would upgrade to the next code or version 8 and give it a go. shouldn't take you long to upgrade.

007goldfinger Sat, 07/19/2008 - 15:19
User Badges:

Do you suggest that:

Should I go to 7.2(4) or straight to 8.0(3)?

Thanks.

francisco_1 Sat, 07/19/2008 - 15:28
User Badges:
  • Gold, 750 points or more

i have used Version 8.0(2) including ASDM 6.(2) for a while now in production and no problems at all. not sure about 8.3.


give 8.0(2 a go.

007goldfinger Sat, 07/19/2008 - 22:53
User Badges:

If any body has any idea on this, I even upgraded to 8.0(2) and asdm and still no go.

what am I missing from this asa?

francisco_1 Sat, 07/19/2008 - 23:37
User Badges:
  • Gold, 750 points or more

Farshid,


please upload your config.

send us show version


and also your static route entry you are typing under CLI

007goldfinger Sat, 07/19/2008 - 23:45
User Badges:

I am still working on this.

Here is my config, very simple.

Result of the command: "sh version"


Cisco Adaptive Security Appliance Software Version 8.0(3)

Device Manager Version 6.0(3)


Compiled on Tue 06-Nov-07 22:59 by builders

System image file is "disk0:/asa803-k8.bin"

Config file at boot was "startup-config"


paasa up 10 mins 19 secs


Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB


Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0 : address is 001d.7071.184a, irq 11

1: Ext: Ethernet0/0 : address is 001d.7071.1842, irq 255

2: Ext: Ethernet0/1 : address is 001d.7071.1843, irq 255

3: Ext: Ethernet0/2 : address is 001d.7071.1844, irq 255

4: Ext: Ethernet0/3 : address is 001d.7071.1845, irq 255

5: Ext: Ethernet0/4 : address is 001d.7071.1846, irq 255

6: Ext: Ethernet0/5 : address is 001d.7071.1847, irq 255

7: Ext: Ethernet0/6 : address is 001d.7071.1848, irq 255

8: Ext: Ethernet0/7 : address is 001d.7071.1849, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255


Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 3, DMZ Restricted

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 10

WebVPN Peers : 2

Dual ISPs : Disabled

VLAN Trunk Ports : 0

AnyConnect for Mobile : Disabled

AnyConnect for Linksys phone : Disabled

Advanced Endpoint Assessment : Disabled


This platform has a Base license.



Thanks.




Attachment: 
007goldfinger Sat, 07/19/2008 - 23:49
User Badges:

Here is the show route command:

Result of the command: "sh route"


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route


Gateway of last resort is not set


C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback

C 10.254.254.0 255.255.255.0 is directly connected, inside


a.alekseev Sun, 07/20/2008 - 01:55
User Badges:
  • Gold, 750 points or more

I think your outside interface is down.


show the output

sh int vlan 2

sh int e0/0


francisco_1 Sun, 07/20/2008 - 05:50
User Badges:
  • Gold, 750 points or more

your outside interface is missing. check and make sure the outside interface is active, if not your static routes will not appear.


also why are u using vlan interfaces? is this a requirments?



007goldfinger Sun, 07/20/2008 - 07:51
User Badges:

Hi:

Here is silly question, does the static route only show when it is connected to the wna port?

What do you mean using vlan interfaces, this is the default config which I started using?

Thanks.

a.alekseev Sun, 07/20/2008 - 09:18
User Badges:
  • Gold, 750 points or more

you can see your static route in the output of "sh route" command when one of the ports, associated with outside vlan is active "up".

Actions

This Discussion