01-17-2010 06:01 PM - edited 03-09-2019 10:47 PM
Hi,
I'm looking at possibility route a subnet from outside interface to another interface.
I have ASA 5510 with Software Version 8.2(1)
My scenario like this,
I have IP subnet let say 1.1.1.192 Mask 255.255.255.192 and another 1.2.2.32 mask 255.255.255.224
Firewall outside Interface is 1.2.2.62.
Inside used same IP as outside Interface to access Internet.
DMZ used IP address from 1.1.1.200 to 1.1.1.221.
Now I have another network using IP address range 1.1.1.227 to 1.1.1.254. Is that possible to route IP address range 1.1.1.225 255.255.254 to another interface?
I wanted to route even if I could not get firewall features for this interface.
I could not make the firewall transparent since VPN not possible.
Thank you,
01-19-2010 07:56 AM
Malik,
You can do what you are trying to do
The 1.1.1.224/27 overlaps with the 1.1.1.192/25, but it is more explicit so it will take precedence.
Outputs will look like
ASA-5505(config)# sh route
...
S 1.1.1.192 255.255.255.192 [1/0] via 192.168.1.2, inside
S 1.1.1.224 255.255.255.224 [1/0] via 172.18.254.1, outside
...
ASA-5505(config)# sh run route
...
route inside 1.1.1.192 255.255.255.192 192.168.1.2 1
route outside 1.1.1.224 255.255.255.224 172.18.254.1 1
I hope it helps.
PK
01-24-2010 08:43 PM
Hello pkampana,
Didn't work for me. look like I'm doing something wrong.
I'm getting message
ERROR: Cannot add route, connected route exists
At the moment only exist route is
route outside 0.0.0.0 0.0.0.0 gw 1
Can you please let me know the commands you used.
Thank you,
01-25-2010 05:39 AM
If you are adding a static route foa a subnet that is already directly connected to your ASA on one of its interface with the sane sybnet mask, it will not let you, it will complain.
PK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: