Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static Route

Answered Question
Jan 8th, 2010

Hello, I'm a bit of a newbie with routing devices.

I had several public IPs.

I had a Cisco Pix 501 and want to replace it with a Cisco SA540.

My WAN IP on the Pix 501 is 195.68.x.z
My LAN IP on the Pix 501 is 62.23.a.b (and 62.23.a.c, ...)

My Pix 501 translation rule is: inside interface|inside:any:0.0.0.0|outside interface| same as original address
My Pix 501 static route: outside |IP address 0.0.0.0|Netmask 0.0.0.0|Gateway IP 195.168.x.y|Metric 1

So when a computer with 62.23.a.X wants to access the internet, the static route tells it to go through the gateway IP 195.168.x.y (as I understand it).

I have to replicate this config on my SA540.

So via the web GUI, I configure the WAN and LAN IPs, then in the routing menu I check "Classical Routing", then I go to the Static menu in order to add the same route as on my Pix 501, but I can't put 0.0.0.0 in the IP address nor in the IP subnet mask.

Can anyone help me?

Thanks a lot.

Steven Smith Fri, 01/08/2010 - 10:16

The PIX and SA500 work differently and are configured differently.  Often, you don't configure a PIX and IOS in the same fashion because they use a different configuration.

From what I have read of what you are trying to do, the SA540 has a default route to go out through the WAN port.  If you look at the routing table under the diagnostics page, I think you will see a route with 0.0.0.0 and subnet of 0.0.0.0 going to the default GW of your router.

sysadminkxen Sun, 01/10/2010 - 10:38

Thanks Steven for your answer.

So you mean, for what I want, I don't have to add a static route? Because when I check "Classical Routing" I don't have access to the Internet.

I think I forgot something.

sysadminkxen Mon, 01/11/2010 - 03:00

Whatever I set, NAT or CLASSICAL ROUTE, my Router Options in the Diagnostic menu is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.1       localhost       255.255.255.255 UGH   1      0        0 lo
92.103.214.164  *               255.255.255.252 U     0      0        0 eth1
92.103.213.168  *               255.255.255.248 U     0      0        0 bdg1
92.103.213.168  roubaix         255.255.255.248 UG    1      0        0 bdg1
default         92.103.214.165  0.0.0.0         UG    0      0        0 eth1

When I select NAT I can access the internet; when I select CLASSICAL ROUTE I don't have any access.
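An added example, not part of the original posts: a small Python parser for the routing table pasted above that does a longest-prefix-match lookup, to check which entry a given destination would use and whether a 0.0.0.0/0 route is already present. The destination 198.51.100.7 is a constructed documentation address standing in for an internet host.

```python
import ipaddress

# Routing table copied from the Diagnostics output posted above.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.1       localhost       255.255.255.255 UGH   1      0        0 lo
92.103.214.164  *               255.255.255.252 U     0      0        0 eth1
92.103.213.168  *               255.255.255.248 U     0      0        0 bdg1
92.103.213.168  roubaix         255.255.255.248 UG    1      0        0 bdg1
default         92.103.214.165  0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Parse `route`-style output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Skip the title and column-header lines; data rows have 8 fields.
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{f[2]}", strict=False),
            "gateway": None if f[1] == "*" else f[1],  # "*" = directly connected
            "flags": f[3], "metric": int(f[4]), "iface": f[7],
        })
    return routes

def lookup(routes, dst):
    """Longest-prefix match, lowest metric as tie-breaker; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def default_route(routes):
    """Return the 0.0.0.0/0 entry (the route the GUI would not accept), if any."""
    return next((r for r in routes if r["net"].prefixlen == 0), None)

if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 198.51.100.7 is a constructed address, not taken from the thread.
    for dst in ("198.51.100.7", "92.103.213.170", "92.103.214.165"):
        r = lookup(table, dst)
        print(dst, "->", r["iface"], "via", r["gateway"] or "directly connected")
```

Run against the posted table, the internet destination resolves to the `default` entry via 92.103.214.165 on eth1, which matches Steven Smith's remark that the SA540 already carries a 0.0.0.0/0.0.0.0 route.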

Correct Answer
alissitz Mon, 01/11/2010 - 07:36

Hello,

I hope this finds you doing well.  Just figured I would add a few minor things here ...

You probably saw this, however ... here is the link to the SA500 page:

https://www.myciscocommunity.com/docs/DOC-10526

Yes, when you configure the device as a router, then you have to configure all the routing.  You might try to remove the routes and re-add them.

Also, a little off the subject, but if you wanted to stick with an ASA5505, there used to be a tool that would convert your PIX configs to ASA.  I do not remember where this link is now ... but it used to make the transition fairly simple.

After you configure the routing, from your internal machine, have you tried a trace route?  Upon which device does the traceroute fail?

In case you wish to speak to a support rep, here is the link to find the correct number:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

HTH,

Andrew Lee Lissitz

sysadminkxen Mon, 01/11/2010 - 08:45

Thank you Andrew for your answer.

I will check for the ASA 5505.

I don't have any static route. What route do I have to add?

alissitz Mon, 01/11/2010 - 08:56

Hello,

Yep, the ASA product line is a very powerful FW, and I would suggest looking at this for any PIX replacement.

Here is the link for the user guide, look to the network / routing section:

http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA_500_Series_AG_OL-19114-01.pdf

This is a large pdf so it may take a few minutes to load.

Once you configure this device as classical routing, the SA500 will assume that you will configure the routing and so you will need to add the appropriate static routes.

Kindest regards,

Andrew

sysadminkxen Mon, 01/11/2010 - 09:02

Thanks, Andrew, this is my problem: which route do I have to add?

Thanks for your help

Correct Answer
alissitz Mon, 01/11/2010 - 09:07

Well ... now that this is performing classical routing, basically you need to add whatever routes are needed for connectivity.  ;-)

Any internal networks will have to be routable and you will also need a default route pointing to the uplink / service provider.

Does this make sense?  If you find this getting a little 'fuzzy', feel free to post follow up questions here or call a support rep via the link I pasted earlier in this post.

HTH,

Andrew

sysadminkxen Mon, 01/11/2010 - 09:41

Following your link I have called Cisco support and opened a ticket. Thanks.

My service provider's gateway assigned to me is 92.103.214.165. I have set this in my WAN settings. It works when using NAT.

But when I use Classical Routing, it doesn't work. On my old Pix 501 I had only one static route:

[Image attachment: Cisco_Pix_501.jpg]

But on my Cisco SA540 I can't add the 0.0.0.0 IP.

alissitz Mon, 01/11/2010 - 10:35

I read this earlier in the post ... not sure why you can't add a default route.  Might be best to wait till the support rep can look at this with you.  IMO, this should not be an issue ... unfortunately I do not have one here to test with.

Do please let me know how you make out with support.  Kindest regards,

Andrew
