Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Where does the extra outside route come from?

VPN-ASA5505# sh route inside

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is <IP address> to network 0.0.0.0

S    172.16.55.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    192.168.174.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.43.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.32.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.225.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.35.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.8.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.9.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.10.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.12.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.2.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.160.0.0 255.255.0.0 [1/0] via 10.161.0.1, inside

C    10.161.0.0 255.255.0.0 is directly connected, inside

S    10.162.7.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.30.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.19.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.20.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.21.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.110.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.99.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.95.0 255.255.255.0 [1/0] via 10.161.0.1, inside

VPN-ASA5505#

VPN-ASA5505#

VPN-ASA5505# sh route outside

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is <IP address> to network 0.0.0.0

S    10.92.1.1 255.255.255.255 [1/0] via <IP address>, outside

C    <IP address> 255.255.255.224 is directly connected, outside

S*   0.0.0.0 0.0.0.0 [1/0] via <IP address>, outside

VPN-ASA5505#

VPN-ASA5505#

VPN-ASA5505# sh run | incl route

route outside 0.0.0.0 0.0.0.0 <IP address> 1

route inside 10.1.32.0 255.255.255.0 10.161.0.1 1

route inside 10.1.43.0 255.255.255.0 10.161.0.1 1

route inside 10.160.0.0 255.255.0.0 10.161.0.1 1

route inside 10.162.2.0 255.255.255.0 10.161.0.1 1

route inside 10.162.7.0 255.255.255.0 10.161.0.1 1

route inside 10.162.8.0 255.255.255.0 10.161.0.1 1

route inside 10.162.9.0 255.255.255.0 10.161.0.1 1

route inside 10.162.10.0 255.255.255.0 10.161.0.1 1

route inside 10.162.12.0 255.255.255.0 10.161.0.1 1

route inside 10.162.19.0 255.255.255.0 10.161.0.1 1

route inside 10.162.20.0 255.255.255.0 10.161.0.1 1

route inside 10.162.21.0 255.255.255.0 10.161.0.1 1

route inside 10.162.30.0 255.255.255.0 10.161.0.1 1

route inside 10.162.35.0 255.255.255.0 10.161.0.1 1

route inside 10.162.95.0 255.255.255.0 10.161.0.1 1

route inside 10.162.99.0 255.255.255.0 10.161.0.1 1

route inside 10.162.110.0 255.255.255.0 10.161.0.1 1

route inside 10.162.225.0 255.255.255.0 10.161.0.1 1

route inside 172.16.55.0 255.255.255.0 10.161.0.1 1

route inside 192.168.174.0 255.255.255.0 10.161.0.1 1

VPN-ASA5505#

1 ACCEPTED SOLUTION

Accepted Solutions

Where does the extra outside route come from?

Hello,

From Reverse Route Injection VPN  I guess

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
7 REPLIES

Where does the extra outside route come from?

Hello,

From Reverse Route Injection VPN  I guess

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Where does the extra outside route come from?

But wouldn't that being configured show up in the configuration? I don't see reverse route injection anywhere... What does the command look like?

Where does the extra outside route come from?

Hello,

Show run | include reverse-route

10.92.1.1 belongs to which IP address pool? REmote IPsec users or Anyconnect?

Anyconnect by default has RR with no configuration needed

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Where does the extra outside route come from?

VPN-ASA5505# sh run | incl reverse-route

VPN-ASA5505#

I am guessing it's Anyconnect. Not sure how to tell that,either.... #FirewallNovice....

Where does the extra outside route come from?

Hello,

Check if you have enabled webvpn.

That's the answer right there

Bud remember to rate all of the helpful posts

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Community Member

Where does the extra outside route come from?

That would be yes. Thanks.

VPN-ASA5505# sh run | incl webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

tunnel-group AnyConnect webvpn-attributes

Where does the extra outside route come from?

sure man

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
108
Views
0
Helpful
7
Replies
CreatePlease to create content