Possibility route a subnet from outside interface to another interface?

Unanswered Question
Jan 17th, 2010

Hi,

I'm looking at possibility route a subnet from outside interface to another interface.

I have ASA 5510 with Software Version 8.2(1)

My scenario like this,

I have IP subnet let say 1.1.1.192 Mask 255.255.255.192 and another 1.2.2.32 mask 255.255.255.224

Firewall outside Interface is 1.2.2.62.

Inside used same IP as outside Interface to access Internet.

DMZ used IP address from 1.1.1.200 to 1.1.1.221.

Now I have another network using IP address  range 1.1.1.227 to 1.1.1.254. Is that possible to route  IP address range 1.1.1.225 255.255.254 to another interface?

I wanted to route even if I could not get firewall features for this interface.

I could not make the firewall transparent since VPN not possible.

Thank you,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Tue, 01/19/2010 - 07:56

Malik,

You can do what you are trying to do

The 1.1.1.224/27 overlaps with the 1.1.1.192/25, but it is more explicit so it will take precedence.

Outputs will look like

ASA-5505(config)# sh route

...

S    1.1.1.192 255.255.255.192 [1/0] via 192.168.1.2, inside

S    1.1.1.224 255.255.255.224 [1/0] via 172.18.254.1, outside

...

ASA-5505(config)# sh run route
...
route inside 1.1.1.192 255.255.255.192 192.168.1.2 1
route outside 1.1.1.224 255.255.255.224 172.18.254.1 1

I hope it helps.

PK

transfieldservices Sun, 01/24/2010 - 20:43

Hello pkampana,

Didn't work for me. look like I'm doing something wrong.

I'm getting message
ERROR: Cannot add route, connected route exists

At the moment only exist route is

route outside 0.0.0.0 0.0.0.0 gw 1

Can you please let me know the commands you used.

Thank you,

Panos Kampanakis Mon, 01/25/2010 - 05:39

If you are adding a static route foa a subnet that is already directly connected to your ASA on one of its interface with the sane sybnet mask, it will not let you, it will complain.

PK

Actions

This Discussion