Re: ASA 5510 static routes

Daniil Yanov · ‎03-26-2009

Good day to all.. Problem:

asa5510(config)# sh route

S 192.168.2.0 255.255.255.0 [1/0] via 195.xx.xx.xx, outside

S 10.1.1.0 255.255.255.0 [1/0] via 10.2.2.1, inside

S 192.168.1.0 255.255.255.0 [1/0] via 195.xx.xx.xx, outside

S* 0.0.0.0 0.0.0.0 [1/0] via 195.xx.xx.xx, outside

asa5510(config)# sh run | i route

route outside 0.0.0.0 0.0.0.0 195.xx.xx.xx 1

route inside 10.1.1.0 255.255.255.0 10.2.2.1 1

route inside 192.168.1.0 255.255.255.0 10.2.2.1 1

What is the route to 192.168.2.0 is STATIC(!)? And why 192.168.1.0 routes to outside interface?

Also, if I send command like as route inside 192.168.2.0 255.255.255.0 10.2.2.1, asa's answer ERROR: Cannot add route entry, conflict with existing routes. If I send command no route ouside 192.168.2.0 255.255.255.0 195.xx.xx.xx, asa's answer %No matching route to delete

Any ideas?

Software Version 8.0(4).

a.alekseev · ‎03-26-2009

I may suppose that you have configured RRI (reverse route injection)

Daniil Yanov · ‎03-26-2009

No. There is no any reverse-route commands in config.

a.alekseev · ‎03-26-2009

show the configuration

Daniil Yanov · ‎03-26-2009

There is a base (factory-defaults) config. I have added only a static routes.

a.alekseev · ‎03-27-2009

try to reload the ASA

Daniil Yanov · ‎03-27-2009

I think the same as you, that if I reload ASA, problem will gone. But I can't to do this right now.

I'm trying to reload it on weekends. But any replies how to fix it without reload are welcome.

Renato Morais · ‎12-09-2010

Try the following commands:

route outside 192.168.2.0 255.255.255.0 195.xx.xx.xx

no route outside 192.168.2.0 255.255.255.0 195.xx.xx.xx

clamasters · ‎12-09-2010

I have seen some issues before, not exactly with 5510 but with other ASA's where when you factory reset your config, it'll sometimes make inside security 0 and outside security 100, effectively reversing the interfaces. This could be the cause.