Can not route inside to DMZ for access internet

Unanswered Question
Sep 11th, 2009
User Badges:

Dear All


i would like to ask you some question about ASA 5510.

Let me tell you on interface ASA:

interface E0/0 is outside

interface E0/1 is inside

interface E0/2 is DMZ (internet)


my problem is: i cannot route on inside to DMZ ..

wheni i type route command it show as below:


HQ-ASA5510(config)# route DMZ 192.168.0.0 255.255.255.0 115.178.25.145

ERROR: Cannot add route, connected route exists


Note: i all ask bellow:

-route outside 0.0.0.0 0.0.0.0 10.10.10.1


For DMZ i don't know how to route ?

Let me how can i solve this issue?

Please see in the attach file


Best Regards,

Rechard



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
rechard_david Sat, 09/12/2009 - 19:13
User Badges:

Dear andrew,


The first, this device i used VPN connection (it not internet connection,just bridgh conneciton only)(int e0/0 for outside), but now i want to use internet so i have to create one more interface like DMZ on port int e0/2.

So how can i do inside can go out internet connection?


Best Regards,

Rechard

rechard_david Mon, 09/14/2009 - 02:07
User Badges:

Dear all and andrew,


Any one do you have any solution?


Best Regards,

Norung

Jon Marshall Mon, 09/14/2009 - 03:13
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Norung


Not sure what this route is meant to do -


route DMZ 192.168.0.0 255.255.255.0 115.178.25.145


that says, to get to the 192.168.0.0/24 go out of the DMZ to 115.178.25.145


clearly that's not right. Also there is no mention of the 115.178.25.145 address on your diagram.


Regardless of the above you will have to use a default route to get to the Internet so


route DMZ 0.0.0.0 0.0.0.0


If you are already using the default route and it looks like you might be ie.


"Note: i all ask bellow:

-route outside 0.0.0.0 0.0.0.0 10.10.10.1"


then you can't use that one. The default route has to be used for the Internet, unless you want to add routes for every single Internet destination !!!!


So you will have to add specific routes for your branch sites.


Jon

Actions

This Discussion