Vanishing routes from ASA Config

Mar 26th, 2009

Hello



I have an ASA with the following statements:

ASA Version 7.2(4)9


route Inside 10.1.1.50 255.255.255.255 Y.Y.Y.Y 1

route Inside 10.1.1.51 255.255.255.255 Y.Y.Y.Y 1

route Outside 10.1.0.0 255.255.0.0 X.X.X.X 1


Made a change and only added the rule:

route Outside 10.1.1.0 255.255.255.0 X.X.X.X 1


About 30m after the change, the following messages started appearing in syslog:


%ASA-4-419002: Duplicate TCP SYN from Outside:Z.Z.Z.Z/Z to Outside:10.1.1.50/Z with different initial sequence number


And outside users can't go to 10.1.1.50 and 10.1.1.51.

It was possibly a loop in the outside.


After checking the config:

The Inside entries have disappeared from the configuration:

route Inside 10.1.1.50 255.255.255.255 Y.Y.Y.Y 1

route Inside 10.1.1.51 255.255.255.255 Y.Y.Y.Y 1


Inserting the missing statements again in config solved the problem, no more disappearing routes after that:

route Inside 10.1.1.50 255.255.255.255 Y.Y.Y.Y 1

route Inside 10.1.1.51 255.255.255.255 Y.Y.Y.Y 1


Has anyone seen this behavior?

Seems very strange that route statements simply had disappeared from config.


Thanks in advance

TG

seibertmedia Fri, 03/27/2009 - 10:29

Hello,


The solution is simple. It seems you have the same or an overlapping subnet on the inside and outside interfaces. The disappeared routes are host routes. If you add a route for an overlapping subnet, the device thinks this will be for the host routes too, and kicks them from the config. After that, you can add them again. But you shouldn't have overlapping subnets on different interfaces. It's dirty. Wondering why it's working....


Thomas
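
A change-control check for the condition discussed in this thread, as an added example that is not part of either post: it parses `route` statements from two saved configuration snapshots, reports routes that were present before a change and are missing afterwards, and lists prefixes on one interface that cover a more specific route on another. The gateway addresses are constructed documentation addresses standing in for the masked X.X.X.X and Y.Y.Y.Y values, and the function names are hypothetical.

```python
import ipaddress
import re

ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\d+)?\s*$")

# Constructed snapshots: gateways are documentation addresses, not from the thread.
BEFORE = """\
route Inside 10.1.1.50 255.255.255.255 192.0.2.1 1
route Inside 10.1.1.51 255.255.255.255 192.0.2.1 1
route Outside 10.1.0.0 255.255.0.0 198.51.100.1 1
"""
AFTER = """\
route Outside 10.1.0.0 255.255.0.0 198.51.100.1 1
route Outside 10.1.1.0 255.255.255.0 198.51.100.1 1
"""

def parse_routes(config_text):
    """Return a set of (interface, network, gateway) from 'route' lines."""
    routes = set()
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        ifname, dest, mask, gateway = m.groups()
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # destination is not a literal address/mask pair
        routes.add((ifname, net, gateway))
    return routes

def vanished_routes(before, after):
    """Routes present in the 'before' snapshot and absent from 'after'."""
    gone = parse_routes(before) - parse_routes(after)
    return sorted(gone, key=lambda r: (r[0], str(r[1])))

def cross_interface_overlaps(routes):
    """(if_a, net_a, if_b, net_b) where net_a covers a more specific net_b
    that is routed via a different interface."""
    hits = [(if_a, net_a, if_b, net_b)
            for if_a, net_a, _ in routes for if_b, net_b, _ in routes
            if if_a != if_b and net_b.prefixlen > net_a.prefixlen
            and net_b.subnet_of(net_a)]
    return sorted(hits, key=lambda h: (h[1].prefixlen, str(h[3])))

if __name__ == "__main__":
    for ifname, net, gw in vanished_routes(BEFORE, AFTER):
        print(f"MISSING after change: route {ifname} {net} via {gw}")
    for if_a, net_a, if_b, net_b in cross_interface_overlaps(parse_routes(BEFORE + AFTER)):
        print(f"OVERLAP: {if_a} {net_a} covers {if_b} {net_b}")
```

Running it against snapshots taken before and after each change window would surface the missing host routes immediately, rather than through the %ASA-4-419002 messages.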
