I am trying to get to a network via a particular interface (a firewall),
but it seems the static route in place is not covering it.
The network/host I want to reach is:
L3CAT#sh ip route 172.20.111.100
Routing entry for 172.20.111.0/24
Known via "ospf 722", distance 110, metric 1
Tag 65000, type extern 2, forward metric 1
Last update from 192.168.1.3 on Vlan101, 1d07h ago
Routing Descriptor Blocks:
* 192.168.1.3, from 192.168.1.3, 1d07h ago, via Vlan101
Route metric is 1, traffic share count is 1
Route tag 65000
But we also have this static route statement in place, which is pointing to the interface I want to use (172.20.3.4).
Wouldn't this statement (ip route 172.20.0.0 255.255.0.0) cover the 111.0 network?
ip route 172.20.0.0 255.255.0.0 172.20.3.4
ip route 172.20.230.0 255.255.255.0 172.20.3.12
ip route 172.30.0.0 255.255.0.0 192.168.254.2
ip route 192.168.0.0 255.255.255.240 192.168.254.2
ip route 192.168.0.96 255.255.255.224 192.168.254.2
L3CAT>sh ip route 172.20.0.0
Routing entry for 172.20.0.0/16, 31 known subnets
Attached (3 connections)
Variably subnetted with 5 masks
Redistributing via ospf 722
I am not clear whether you want a route for the network or for a host. Your original post says: "The network/host i want to reach is 172.20.111.100". Perhaps you can clarify whether you are concerned about reaching only this host via the firewall or whether it is the network?
John is on exactly the right track. Your static route is for a /16. But you have a more specific /24 route from OSPF. And the more specific route is always preferred over a less specific route.
If you are concerned about reaching the entire network via the firewall then John's suggestion is exactly right. If you are concerned about the host then you need a specific host static route (/32).
I don't have a router to test, but this is probably due to the longest match rule. You should specifically set:
ip route 172.20.111.0 255.255.255.0 172.20.3.4
and that should solve your problem.
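
The longest-match behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python model of route selection using the routes shown in the post, useful for checking which destinations would not be forwarded to the firewall. The function names, the static administrative distance of 1 (the IOS default) and the extra test destinations 172.20.111.50 and 172.20.5.1 are assumptions made for illustration.

```python
import ipaddress

# Candidate routes from the thread: (prefix, next hop, source, administrative distance).
# AD 110 for OSPF is shown in the post; AD 1 for static is the assumed IOS default.
ROUTES = [
    ("172.20.0.0/16",   "172.20.3.4",    "static", 1),
    ("172.20.230.0/24", "172.20.3.12",   "static", 1),
    ("172.30.0.0/16",   "192.168.254.2", "static", 1),
    ("172.20.111.0/24", "192.168.1.3",   "ospf",   110),
]

def install(candidates):
    """Build the table: AD only breaks ties between routes to the SAME prefix."""
    rib = {}
    for prefix, hop, source, ad in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in rib or ad < rib[net][2]:
            rib[net] = (hop, source, ad)
    return rib

def lookup(rib, destination):
    """Forwarding decision: the longest matching prefix wins, whatever its AD."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    hop, source, _ = rib[best]
    return str(best), hop, source

def bypassing_firewall(candidates, destinations, firewall="172.20.3.4"):
    """Return the destinations whose next hop is not the firewall."""
    rib = install(candidates)
    return [d for d in destinations if (lookup(rib, d) or (None, None, None))[1] != firewall]

if __name__ == "__main__":
    print("as posted:    ", lookup(install(ROUTES), "172.20.111.100"))
    fix24 = ROUTES + [("172.20.111.0/24", "172.20.3.4", "static", 1)]
    print("with /24 fix: ", lookup(install(fix24), "172.20.111.100"))
    fix32 = ROUTES + [("172.20.111.100/32", "172.20.3.4", "static", 1)]
    print("with /32 only:", bypassing_firewall(fix32, ["172.20.111.100", "172.20.111.50"]))
```

With only the /32 host route added, the rest of 172.20.111.0/24 still follows the OSPF route, which is the network-versus-host distinction raised in the replies.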