cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
0
Helpful
3
Replies

Possibility route a subnet from outside interface to another interface?

Hi,

I'm looking at possibility route a subnet from outside interface to another interface.

I have ASA 5510 with Software Version 8.2(1)

My scenario like this,

I have IP subnet let say 1.1.1.192 Mask 255.255.255.192 and another 1.2.2.32 mask 255.255.255.224

Firewall outside Interface is 1.2.2.62.

Inside used same IP as outside Interface to access Internet.

DMZ used IP address from 1.1.1.200 to 1.1.1.221.

Now I have another network using IP address  range 1.1.1.227 to 1.1.1.254. Is that possible to route  IP address range 1.1.1.225 255.255.254 to another interface?

I wanted to route even if I could not get firewall features for this interface.

I could not make the firewall transparent since VPN not possible.

Thank you,

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

Malik,

You can do what you are trying to do

The 1.1.1.224/27 overlaps with the 1.1.1.192/25, but it is more explicit so it will take precedence.

Outputs will look like

ASA-5505(config)# sh route

...

S    1.1.1.192 255.255.255.192 [1/0] via 192.168.1.2, inside

S    1.1.1.224 255.255.255.224 [1/0] via 172.18.254.1, outside

...

ASA-5505(config)# sh run route
...
route inside 1.1.1.192 255.255.255.192 192.168.1.2 1
route outside 1.1.1.224 255.255.255.224 172.18.254.1 1

I hope it helps.

PK

Hello pkampana,

Didn't work for me. look like I'm doing something wrong.

I'm getting message
ERROR: Cannot add route, connected route exists

At the moment only exist route is

route outside 0.0.0.0 0.0.0.0 gw 1

Can you please let me know the commands you used.

Thank you,

If you are adding a static route foa a subnet that is already directly connected to your ASA on one of its interface with the sane sybnet mask, it will not let you, it will complain.

PK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: