Where does the extra outside route come from?

Sal Robertson
Level 1

VPN-ASA5505# sh route inside

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is <IP address> to network 0.0.0.0

S    172.16.55.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    192.168.174.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.43.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.1.32.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.225.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.35.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.8.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.9.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.10.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.12.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.2.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.160.0.0 255.255.0.0 [1/0] via 10.161.0.1, inside

C    10.161.0.0 255.255.0.0 is directly connected, inside

S    10.162.7.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.30.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.19.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.20.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.21.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.110.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.99.0 255.255.255.0 [1/0] via 10.161.0.1, inside

S    10.162.95.0 255.255.255.0 [1/0] via 10.161.0.1, inside

VPN-ASA5505#

VPN-ASA5505#

VPN-ASA5505# sh route outside

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route

Gateway of last resort is <IP address> to network 0.0.0.0

S    10.92.1.1 255.255.255.255 [1/0] via <IP address>, outside

C    <IP address> 255.255.255.224 is directly connected, outside

S*   0.0.0.0 0.0.0.0 [1/0] via <IP address>, outside

VPN-ASA5505#

VPN-ASA5505#

VPN-ASA5505# sh run | incl route

route outside 0.0.0.0 0.0.0.0 <IP address> 1

route inside 10.1.32.0 255.255.255.0 10.161.0.1 1

route inside 10.1.43.0 255.255.255.0 10.161.0.1 1

route inside 10.160.0.0 255.255.0.0 10.161.0.1 1

route inside 10.162.2.0 255.255.255.0 10.161.0.1 1

route inside 10.162.7.0 255.255.255.0 10.161.0.1 1

route inside 10.162.8.0 255.255.255.0 10.161.0.1 1

route inside 10.162.9.0 255.255.255.0 10.161.0.1 1

route inside 10.162.10.0 255.255.255.0 10.161.0.1 1

route inside 10.162.12.0 255.255.255.0 10.161.0.1 1

route inside 10.162.19.0 255.255.255.0 10.161.0.1 1

route inside 10.162.20.0 255.255.255.0 10.161.0.1 1

route inside 10.162.21.0 255.255.255.0 10.161.0.1 1

route inside 10.162.30.0 255.255.255.0 10.161.0.1 1

route inside 10.162.35.0 255.255.255.0 10.161.0.1 1

route inside 10.162.95.0 255.255.255.0 10.161.0.1 1

route inside 10.162.99.0 255.255.255.0 10.161.0.1 1

route inside 10.162.110.0 255.255.255.0 10.161.0.1 1

route inside 10.162.225.0 255.255.255.0 10.161.0.1 1

route inside 172.16.55.0 255.255.255.0 10.161.0.1 1

route inside 192.168.174.0 255.255.255.0 10.161.0.1 1

VPN-ASA5505#

1 Accepted Solution

Julio Carvajal
VIP Alumni

Hello,

From Reverse Route Injection VPN, I guess

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

But wouldn't that being configured show up in the configuration? I don't see reverse route injection anywhere... What does the command look like?

Hello,

Show run | include reverse-route

10.92.1.1 belongs to which IP address pool? Remote IPsec users or Anyconnect?

Anyconnect by default has RR with no configuration needed

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

VPN-ASA5505# sh run | incl reverse-route

VPN-ASA5505#

I am guessing it's Anyconnect. Not sure how to tell that, either... #FirewallNovice...

Hello,

Check if you have enabled webvpn.

That's the answer right there

Bud, remember to rate all of the helpful posts

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

That would be yes. Thanks.

VPN-ASA5505# sh run | incl webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

webvpn

tunnel-group AnyConnect webvpn-attributes

sure man

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
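
An added example (not from the thread or from Cisco) that automates the comparison done by eye above: it lists static routes in the routing table that have no matching `route` statement in the running config, which is how an injected route such as the 10.92.1.1 host route stands out. The sample input is a constructed subset of the thread's output, with 203.0.113.1 as a stand-in for the redacted `<IP address>` gateway; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed sample based on the thread; 203.0.113.1 replaces "<IP address>".
SHOW_ROUTE = """\
S    172.16.55.0 255.255.255.0 [1/0] via 10.161.0.1, inside
S    10.160.0.0 255.255.0.0 [1/0] via 10.161.0.1, inside
C    10.161.0.0 255.255.0.0 is directly connected, inside
S    10.92.1.1 255.255.255.255 [1/0] via 203.0.113.1, outside
C    203.0.113.0 255.255.255.224 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, outside
"""
RUNNING_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.160.0.0 255.255.0.0 10.161.0.1 1
route inside 172.16.55.0 255.255.255.0 10.161.0.1 1
"""

# "S" / "S*" lines from "show route"; connected (C) lines are ignored.
RIB_RE = re.compile(r"^S\*?\s+(\S+)\s+(\S+)\s+\[\d+/\d+\]\s+via\s+(\S+),\s+(\S+)$")
# "route <interface> <network> <mask> <gateway> ..." lines from the config.
CFG_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def _key(ifname, net, mask, gateway):
    """Normalise a route so table and config entries compare equal."""
    network = ipaddress.ip_network(f"{net}/{mask}")
    return (ifname, network, ipaddress.ip_address(gateway))


def unconfigured_static_routes(show_route, running_config):
    """Return static routes present in the table but absent from the config."""
    configured = set()
    for line in running_config.splitlines():
        m = CFG_RE.match(line.strip())
        if m:
            configured.add(_key(*m.groups()))
    extra = []
    for line in show_route.splitlines():
        m = RIB_RE.match(line.strip())
        if m:
            net, mask, gateway, ifname = m.groups()
            key = _key(ifname, net, mask, gateway)
            if key not in configured:
                extra.append(key)
    return extra


if __name__ == "__main__":
    for ifname, network, gateway in unconfigured_static_routes(SHOW_ROUTE, RUNNING_CONFIG):
        print(f"not in config: {network} via {gateway} on {ifname}")
```

A /32 on the outside interface that appears only in the table is worth matching against the VPN address pools and active sessions, as the replies above go on to do.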