Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM DOUBLE DEFAULT ROUTE

HI,

i want to know if is correct this configuration for FWSM routeing.

i have a router 7200 with a lot of nekwork. Default route to internet a FWSM inside a Catalyst 6509. Catalyst and Rotuer use EIGRP to change routing table.

i use on the FWSM this routing is correct?

route outside 0.0.0.0 0.0.0.0 X.X.X.X 1

route inside 0.0.0.0 0.0.0.0 10.1.X.X 1

Where X.X.X.X is the ip of ISP router and 10.1.X.X 1 is the ip of the router.

Is correct?

Do you think is better to configure a ip to the VLAN XYZ interface on the switch and change route inside 0 0 --> ip vlan interface switch.

VLAN XYZ is the same vlan configured in the inside interface of FWSM

If my description is hard to understand say me something.

Thanks  a lot best regards.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: FWSM DOUBLE DEFAULT ROUTE

If I understand your diagram router on FWSM to the inside should be poiting to 10.1.1.2

Marcin

7 REPLIES
Cisco Employee

Re: FWSM DOUBLE DEFAULT ROUTE

It's been a while since I played with routing on FWSM but I'm pretty sure your routing is not correct and only first entry should count (check "show route" ...)

Unless the FWSM is in transparent more in which case it should not matter.

If it's in routed mode (and single) how about have a default route towards the internet and running EIGRP also on FWSM?

Marcin

P.S.

If you can draw a simple topology it would be more understandable.

Community Member

Re: FWSM DOUBLE DEFAULT ROUTE

I have Atteched the file .

thanks a lot for the support

Community Member

Re: FWSM DOUBLE DEFAULT ROUTE

FWSM is in routed mode and have 2 context my company must manage one context.

Cisco Employee

Re: FWSM DOUBLE DEFAULT ROUTE

Honestly in your case I would be using:

route inside 192.168.0.0 255.255.0.0 (catalyst_IP)

route inside 172.16.0.0 255.224.0.0 (catalyst_IP)

route inside 10.0.0.0 255.0.0.0 (catalyst_IP)


Through DMZ I would use either specific subnets (more specific then inside routes) or only connected.

And one default route via outside.

Marcin

Community Member

Re: FWSM DOUBLE DEFAULT ROUTE

Ip Catalyst vip or VLAN interface ip of the vlan where is defined the inside interface of FWSM ?

thanks a lot

Cisco Employee

Re: FWSM DOUBLE DEFAULT ROUTE

If I understand your diagram router on FWSM to the inside should be poiting to 10.1.1.2

Marcin

Community Member

Re: FWSM DOUBLE DEFAULT ROUTE

thanks a lot

551
Views
0
Helpful
7
Replies
CreatePlease to create content