
Cisco ASA static route Administrative Distance

Hello Dear Engineers,

In Cisco ASA version 8.2(5) I configured a floating static route with a different administrative distance (for example, 10), but the IOS does not accept this parameter. To verify, the show route command output shows the administrative distance as 1.

Configuration example:

ip route 10.0.0.0 255.255.255.0 192.168.1.1 1 track 1

ip route 10.0.0.0 255.255.255.0 192.168.2.1 10 

 

S   10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2

 

Is this a bug in the IOS, or maybe I misconfigured something?

 

 

Thanks in advance.

 

 


Accepted Solutions


Hi Samir,

Even PIX version 8.0 shows the correct AD value as defined... it might be a bug or a misconfiguration on your end.

pixfirewall(config-if)# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 1.1.1.2 to network 0.0.0.0

C    1.1.1.0 255.255.255.0 is directly connected, out1
C    2.2.2.0 255.255.255.0 is directly connected, out2
S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.1.2, out1
pixfirewall(config-if)# shut
pixfirewall(config-if)# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

C    2.2.2.0 255.255.255.0 is directly connected, out2
S*   0.0.0.0 0.0.0.0 [100/0] via 2.2.2.2, out2
pixfirewall(config-if)#

 

Regards

Karthik

 

11 REPLIES

I doubt that it is a bug. I see at least two ways in which you have misconfigured something.

- configuring a static route on the ASA requires that you specify the outbound interface in the ip route command, which you have not done.

- I have checked the config guide of 8.2 and I do not find any option for track which is part of the config that you show.

 

Given that the config statements that you show are invalid on ASA I am not clear how the entry got into the routing table of the ASA and whether it was entered with distance of 10 or not. I did find this example in the documentation which seems to indicate that a static correctly configured with a higher distance will have that distance show up in the output of show route

S 10.1.1.0 255.255.255.0 [3/0] via 10.86.194.1, outside

 

HTH

 

Rick


Hi Rick,

route-tracking is also available in 8.2 (if I remember right, it was added to ASA v7.2):

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/route_static.html#wp1119813

-- Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni

Karsten

 

Thank you for adding something that I did not know about the ASA - and +5 for the contribution. When I looked in the config guide I did not see the track option in the explanation of configuring static routes. I see that I should have looked further and found the later section that discussed how to add the track feature to a static route.

 

HTH

 

Rick


Sorry.

Here I typed the static routing commands manually and forgot about the interfaces:

 

route outside1 10.0.0.0 255.255.255.0 192.168.1.1  1  track 1

route outside2 10.0.0.0 255.255.255.0 192.168.2.1  10


That's exactly how it should work. Please show the resulting routing table.


S   10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2

1. After the primary link goes down, the route through the backup link comes up. That is okay.

BUT

It seems the ASA could not accept the Administrative Distance parameter for the backup route, whose AD is 10.

It must be shown as [10/0].

 


Hi Samir,

 

It happens as you expect when you configure the backup route for the same interface... with AD... If you do that for a backup interface, say outside2 as per your scenario, it will take it as 1... since you do not have any other default route for the outside2 interface... It considers it as per the standard... Hope it clarifies your doubt... All based on assumption... but it does not happen in version 8.4... even when it shows the backup route... it shows it with the defined AD.

 

 

Regards

Karthik


Dears, 

I've found the root cause.

The root cause was Reverse Route Injection for the site-to-site VPN.

Static routes for the interesting remote LAN subnets (10.0.0.0/24) were added automatically to the routing table by the crypto map RRI feature.

So I deleted the 'crypto map outside_map 1 set reverse-route' command.

And the problem has been solved.

Thank you all.

Sorry for the inconvenience.
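The mismatch this thread turned on can be checked mechanically. The following is an added example, not part of the original thread and not Cisco code: it compares the `route` commands in a saved configuration with the static entries in `show route` output and reports any installed distance that differs from the configured one, noting when a crypto map has `set reverse-route` enabled. The sample inputs are constructed from the lines quoted above, and the function names and regular expressions are assumptions of this sketch.

```python
import re

# Constructed sample input, assembled from the commands and output quoted in the thread.
CONFIG = """\
route outside1 10.0.0.0 255.255.255.0 192.168.1.1 1 track 1
route outside2 10.0.0.0 255.255.255.0 192.168.2.1 10
crypto map outside_map 1 set reverse-route
"""
SHOW_ROUTE = "S   10.0.0.0 255.255.255.0 [1/0] via 192.168.2.1, outside2\n"

# route <ifc> <net> <mask> <gateway> [distance] [track <id>]
ROUTE_CMD = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?(?:\s+track\s+\d+)?$")
# S[*] <net> <mask> [<distance>/<metric>] via <gateway>, <ifc>
RIB_LINE = re.compile(r"^S\*?\s+(\S+)\s+(\S+)\s+\[(\d+)/\d+\]\s+via\s+(\S+),\s+(\S+)$")

def configured_routes(config):
    """Map (ifc, net, mask, gateway) to the configured distance (1 when omitted)."""
    routes = {}
    for line in config.splitlines():
        m = ROUTE_CMD.match(line.strip())
        if m:
            ifc, net, mask, gw, dist = m.groups()
            routes[(ifc, net, mask, gw)] = int(dist) if dist else 1
    return routes

def audit(config, show_route):
    """Return (net, mask, ifc, reason) for static entries that differ from the config."""
    routes = configured_routes(config)
    rri = "set reverse-route" in config  # simple textual check, an assumption of this sketch
    findings = []
    for line in show_route.splitlines():
        m = RIB_LINE.match(line.strip())
        if not m:
            continue
        net, mask, dist, gw, ifc = m.groups()
        expected = routes.get((ifc, net, mask, gw))
        if expected is None:
            reason = "no matching route command"
        elif expected != int(dist):
            reason = f"configured distance {expected}, installed {dist}"
        else:
            continue
        if rri:
            reason += "; crypto map has reverse-route enabled"
        findings.append((net, mask, ifc, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, SHOW_ROUTE):
        print(finding)
```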

 
