Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
408
Views
0
Helpful
4
Replies

STATIC ROUTES ON ASA

Go to solution
veltech
Level 1
Level 1

‎09-06-2013 06:00 AM - edited ‎03-11-2019 07:34 PM

Hi All,

BACKGROUND

We have configured an ASA for dual WAN redundancy using SLA monitors, ISP1 is a dynamic IP address with Virgin media, and ISP2 (failover) has a static IP address.

PROBLEM

When we try to configure the static routes we need the default gateway or "next hop" address, but with the primary connection this changes if the IP address changes. So, our question for all you experts is how do we get around this issue??

As always help greatly appreciated.

Regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to veltech

‎09-06-2013 06:54 AM

Hi,

taken from here:http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_static.html



hostname(config)# interface phy_if





 




hostname(config-if)# dhcp client route 
track track_id





 




hostname(config-if)# ip addresss dhcp 
setroute





 




hostname(config-if)# exit

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎09-06-2013 06:04 AM

Hi,

Your default gateway is static it is your IP adress which is dynamic.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
veltech
Level 1
Level 1
In response to cadet alain

‎09-06-2013 06:27 AM

Hi Alain,

Thanks for reply. Yes, thats what we thought but we understand from Virgin media that the gateway address can also change with a change of IP address. (DHCP). My understanding is that most ISPs will have several gateway addresses to provide resilience, but no matter what IP address is assigned through DHCP (Dynamic) the chosen gateway address should always work provided that the specific network is available. We have obtained the gateway address assigned from the "show route" output.

Any more thoughts??

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to veltech

‎09-06-2013 06:54 AM

Hi,

taken from here:http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/route_static.html



hostname(config)# interface phy_if





 




hostname(config-if)# dhcp client route 
track track_id





 




hostname(config-if)# ip addresss dhcp 
setroute





 




hostname(config-if)# exit

Regards

Alain

Don't forget to rate helpful posts.
0 Helpful

Go to solution
veltech
Level 1
Level 1

‎09-10-2013 12:37 PM

Hi Alain,

Thanks for your input and apologies for our late reply we had to Lab this up and have been a little busy in the last day or so.

Anyway, yes this has fixed the problem although complicated slightly by the fact that our Customer has multiple VPNs terminating on the ASA. We also spoke with our ISPs and they both confirmed that they operate a pool of IP addresses as gateways that should be reachable from any connection to their network irrespective of what the public IP address assigned maybe on the end user site.

Thanks again for your help I have marked correct answer.

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card