Static Route Issue in ASA

chaitanya_kodag
Level 1

Hello Friends,

I am new to the ASA world and need your help. I was working on an issue where we found that there is one particular static route entry in the ASA routing table.

We checked the running-configuration but did not find any entry in running-config for this particular route. It is a very specific route to a host /32. I am not sure how that particular route is getting injected into the ASA routing table.

This is a multicontext firewall and the route is seen in one particular context, and the ASA IOS is 9.1. Can anyone help me out here?

Thank you in Advance.

3 Replies

Jouni Forss
VIP Alumni

Hi,

Well, the best thing would be to see some configurations and "show" command outputs to get a better picture of the problem.

Some route-related problems before have been about not being able to remove a static route from the configuration, but I am not sure if I have heard anything like this before.

The first thing that comes to my mind when a host route is found in the ASA routing table with no related routing configuration is that there is some VPN connection involved. VPN Client connections, for example, insert a route for the VPN user's IP address into the routing table for the duration of the connection. But as you say that you are running Multiple Context, it can't be a case of a VPN Client connection at least.

Have you searched the configuration for any reference to the IP address in question? Is the IP address anywhere else in the ASA configuration?

But as I said, it would be good to see some actual information from the device.

- Jouni

Thank you Jouni for your reply,

You are correct, there is VPN config involved in this. This is a simple LAN to LAN IPSEC VPN and no client is involved.

I found a static route entry in the routing table:
 
O    10.30.25.0 255.255.255.0 [110/90] via 10.10.19.2, 18:58:23, INSIDE
                              [110/90] via 10.10.19.1, 18:58:23, INSIDE
S    10.30.25.3 255.255.255.255 [1/0] via 199.99.25.83, OUTSIDE   <====no config for this in running-config
 
Please let me know which show command output you need to verify this.

Hi,

I think if you are running IPSEC L2L VPN, you must be running ASA 9.x.

Can you send the output of show run tunnel-group for this tunnel and the related crypto ACL? Also, show asp table routing from the ASA device.

Thanks and Regards,

Vibhor Amrodia
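
The check discussed in this thread (a static route in the table with no matching configuration, and a search of the configuration for the address), as an added example that is not part of any reply above: it compares the "S" lines of show route with the route statements in a running-config and lists every configuration line that mentions the unexplained destination. The routing table lines are the ones quoted in the thread; the running-config excerpt, including the names L2L_ACL and OUTSIDE_MAP and the gateway 199.99.25.81, is constructed for illustration.

```python
import re

# Routing table lines quoted in the thread (trailing annotation dropped).
SHOW_ROUTE = """\
O    10.30.25.0 255.255.255.0 [110/90] via 10.10.19.2, 18:58:23, INSIDE
                              [110/90] via 10.10.19.1, 18:58:23, INSIDE
S    10.30.25.3 255.255.255.255 [1/0] via 199.99.25.83, OUTSIDE
"""

# Constructed running-config excerpt (assumption, not from the thread).
RUNNING_CONFIG = """\
route OUTSIDE 0.0.0.0 0.0.0.0 199.99.25.81 1
access-list L2L_ACL extended permit ip 10.10.0.0 255.255.0.0 host 10.30.25.3
crypto map OUTSIDE_MAP 10 match address L2L_ACL
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# "S" (or "S*") line of show route: network, mask, [distance/metric], gateway, interface
STATIC_RE = re.compile(rf"^S\*?\s+({IP})\s+({IP})\s+\[\d+/\d+\]\s+via\s+({IP}),\s*(\S+)")
# Configuration statement: route <interface> <network> <mask> <gateway>
ROUTE_CMD_RE = re.compile(rf"^route\s+(\S+)\s+({IP})\s+({IP})\s+({IP})")

def static_routes(show_route):
    """Return (interface, network, mask, gateway) for each static route line."""
    found = []
    for line in show_route.splitlines():
        m = STATIC_RE.match(line)
        if m:
            net, mask, gw, ifc = m.groups()
            found.append((ifc, net, mask, gw))
    return found

def configured_routes(config):
    """Return the set of (interface, network, mask, gateway) from 'route' statements."""
    return {m.groups() for line in config.splitlines()
            if (m := ROUTE_CMD_RE.match(line.strip()))}

def unexplained_static_routes(show_route, config):
    """Static routes with no 'route' statement, plus config lines naming the destination."""
    configured = configured_routes(config)
    findings = []
    for route in static_routes(show_route):
        if route not in configured:
            dest = re.compile(rf"(?<![\d.]){re.escape(route[1])}(?![\d.])")
            refs = [l.strip() for l in config.splitlines() if dest.search(l)]
            findings.append({"route": route, "references": refs})
    return findings

if __name__ == "__main__":
    for f in unexplained_static_routes(SHOW_ROUTE, RUNNING_CONFIG):
        print("no 'route' statement for", f["route"], "referenced by", f["references"])
```
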
