Where does the extra outside route come from?

Answered Question
Dec 6th, 2013

VPN-ASA5505# sh route inside



Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route



Gateway of last resort is <IP address> to network 0.0.0.0



S    172.16.55.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    192.168.174.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.43.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.32.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.225.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.35.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.8.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.9.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.10.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.12.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.2.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.160.0.0 255.255.0.0 [1/0] via 10.161.0.1, inside

C    10.161.0.0 255.255.0.0 is directly connected, inside

S    10.162.7.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.30.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.19.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.20.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.21.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.110.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.99.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.95.0 255.255.255.0 [1/0] via 10.161.0.1, inside

VPN-ASA5505#

VPN-ASA5505#

VPN-ASA5505# sh route outside



Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route



Gateway of last resort is <IP address> to network 0.0.0.0



S    10.92.1.1 255.255.255.255 [1/0] via <IP address>, outside

C    <IP address> 255.255.255.224 is directly connected, outside

S*   0.0.0.0 0.0.0.0 [1/0] via <IP address>, outside

VPN-ASA5505#

VPN-ASA5505#


VPN-ASA5505# sh run | incl route

route outside 0.0.0.0 0.0.0.0 <IP address> 1

route inside 10.1.32.0 255.255.255.0 10.161.0.1 1

route inside 10.1.43.0 255.255.255.0 10.161.0.1 1

route inside 10.160.0.0 255.255.0.0 10.161.0.1 1

route inside 10.162.2.0 255.255.255.0 10.161.0.1 1

route inside 10.162.7.0 255.255.255.0 10.161.0.1 1

route inside 10.162.8.0 255.255.255.0 10.161.0.1 1

route inside 10.162.9.0 255.255.255.0 10.161.0.1 1

route inside 10.162.10.0 255.255.255.0 10.161.0.1 1

route inside 10.162.12.0 255.255.255.0 10.161.0.1 1

route inside 10.162.19.0 255.255.255.0 10.161.0.1 1

route inside 10.162.20.0 255.255.255.0 10.161.0.1 1

route inside 10.162.21.0 255.255.255.0 10.161.0.1 1

route inside 10.162.30.0 255.255.255.0 10.161.0.1 1

route inside 10.162.35.0 255.255.255.0 10.161.0.1 1

route inside 10.162.95.0 255.255.255.0 10.161.0.1 1

route inside 10.162.99.0 255.255.255.0 10.161.0.1 1

route inside 10.162.110.0 255.255.255.0 10.161.0.1 1

route inside 10.162.225.0 255.255.255.0 10.161.0.1 1

route inside 172.16.55.0 255.255.255.0 10.161.0.1 1

route inside 192.168.174.0 255.255.255.0 10.161.0.1 1

VPN-ASA5505#

Correct Answer by Julio Carvajal about 3 years 8 months ago

Hello,


From Reverse Route Injection VPN, I guess




Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Overall Rating: 5 (1 ratings)
Sal Robertson Fri, 12/06/2013 - 08:18

But wouldn't that being configured show up in the configuration? I don't see reverse route injection anywhere... What does the command look like?

Julio Carvajal Fri, 12/06/2013 - 08:28

Hello,


Show run | include reverse-route



10.92.1.1 belongs to which IP address pool? Remote IPsec users or AnyConnect?


AnyConnect by default has RR with no configuration needed



Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Sal Robertson Fri, 12/06/2013 - 08:29

VPN-ASA5505# sh run | incl reverse-route

VPN-ASA5505#


I am guessing it's AnyConnect. Not sure how to tell that, either.... #FirewallNovice....

Sal Robertson Fri, 12/06/2013 - 08:38

That would be yes. Thanks.


VPN-ASA5505# sh run | incl webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

tunnel-group AnyConnect webvpn-attributes
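
An added example, not part of the thread: the comparison the question makes by eye, done as a script that lists static (`S`) entries in `show route` output with no matching `route` line in the running configuration. The function names are hypothetical and the sample text is constructed from the thread's output, with 203.0.113.1 standing in for the redacted outside gateway.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's output. 203.0.113.1 is a
# documentation-range placeholder for the redacted outside gateway.
SHOW_ROUTE = """\
S    10.92.1.1 255.255.255.255 [1/0] via 203.0.113.1, outside
C    203.0.113.0 255.255.255.224 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
S    10.160.0.0 255.255.0.0 [1/0] via 10.161.0.1, inside
C    10.161.0.0 255.255.0.0 is directly connected, inside
"""
SHOW_RUN_ROUTE = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.160.0.0 255.255.0.0 10.161.0.1 1
"""

# "S" or "S*" table entry: network, mask, gateway, interface.
TABLE_RE = re.compile(
    r"^S\*?\s+(\S+)\s+(\S+)\s+\[\d+/\d+\]\s+via\s+(.+?),\s+(\S+)\s*$")
# "route <interface> <network> <mask> ..." configuration line.
CONFIG_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+")

def _key(iface, net, mask):
    # Normalise network/mask so both sources compare on the same value.
    return iface, ipaddress.ip_network(f"{net}/{mask}", strict=False)

def table_statics(show_route):
    """Static entries in the routing table as {(iface, network): gateway}."""
    found = {}
    for line in show_route.splitlines():
        m = TABLE_RE.match(line.strip())
        if m:
            net, mask, gateway, iface = m.groups()
            found[_key(iface, net, mask)] = gateway
    return found

def configured_statics(show_run):
    """(iface, network) pairs declared by 'route' configuration lines."""
    matches = (CONFIG_RE.match(l.strip()) for l in show_run.splitlines())
    return {_key(*m.groups()) for m in matches if m}

def unexplained_routes(show_route, show_run):
    """Static routes installed in the table but absent from the config."""
    configured = configured_statics(show_run)
    return sorted((iface, str(net), gw)
                  for (iface, net), gw in table_statics(show_route).items()
                  if (iface, net) not in configured)

if __name__ == "__main__":
    for iface, net, gw in unexplained_routes(SHOW_ROUTE, SHOW_RUN_ROUTE):
        print(f"not in config: {net} via {gw} on {iface}")
```

The script only flags the mismatch; it does not say why the route was installed. In this thread the flagged 10.92.1.1 host route was attributed to reverse route injection for an AnyConnect client.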
