ASA next hop for local networks

Lets say I have the following topology.


There arer 3 stacks of 3750 at each building. The core switch/router in our network is at location B. The way it was originally setup

is every L3 device has an ip address for each lan. So let's say we have VLAN 200 withnetwork The DataCenter would

be assigned (, Building B would be assigned (, and Building A would be assigned ( I'm

configuring the DC and BA to be L2 only and Building B to be the only real router in the network besides a few ASAs. When I ran a 'no ip address'

on the vlan interface on Building A, the internet connectivity for dies, but local connectivity is fine. After doing some research

and troubleshooting, I found out that if I set the next hop on the ASA for the local networks for an IP address on building B everything works perfectly.

The way the routes on the ASA are setup for local networks are as follows.

All local networks have ip route localnetwork mask x.110.215.17. This address is the IP address of the inside interface on the ASA.

Now, when I kill the IP address on the vlan interface on Building A internet connectivity goes down, while the next hop is still pointed

to this address, BUT if I give it a next hop of the vlan interface ip address on B everything works fine. Now, I can easily fix this, I was

just wondering why this is happening?


Thats the way it should work . You can have L3 interface either on ASA or L3 Switch or Router.

Lets say you kill the interface IP on BA mean that switch become L2 switch then L3 gateway should be on ASA using the same range IP on ASA.In this case ARP will come on ASA.

2nd option if you have L3 on switch then rest of the host will pionint this as default gateway and ASA will have diffrent subnet IP on interface then routing should be there on ASA. In this case ARP will come on L3 Switch.



