Re: Can not route inside to DMZ for access internet

rechard_david · ‎09-11-2009

Dear All

i would like to ask you some question about ASA 5510.

Let me tell you on interface ASA:

interface E0/0 is outside

interface E0/1 is inside

interface E0/2 is DMZ (internet)

my problem is: i cannot route on inside to DMZ ..

wheni i type route command it show as below:

HQ-ASA5510(config)# route DMZ 192.168.0.0 255.255.255.0 115.178.25.145

ERROR: Cannot add route, connected route exists

Note: i all ask bellow:

-route outside 0.0.0.0 0.0.0.0 10.10.10.1

For DMZ i don't know how to route ?

Let me how can i solve this issue?

Please see in the attach file

Best Regards,

Rechard

andrew.prince · ‎09-12-2009

Why have you got your device setup like this?

rechard_david · ‎09-12-2009

Dear andrew,

The first, this device i used VPN connection (it not internet connection,just bridgh conneciton only)(int e0/0 for outside), but now i want to use internet so i have to create one more interface like DMZ on port int e0/2.

So how can i do inside can go out internet connection?

Best Regards,

Rechard

rechard_david · ‎09-14-2009

Dear all and andrew,

Any one do you have any solution?

Best Regards,

Norung

Jon Marshall · ‎09-14-2009

Norung

Not sure what this route is meant to do -

route DMZ 192.168.0.0 255.255.255.0 115.178.25.145

that says, to get to the 192.168.0.0/24 go out of the DMZ to 115.178.25.145

clearly that's not right. Also there is no mention of the 115.178.25.145 address on your diagram.

Regardless of the above you will have to use a default route to get to the Internet so

route DMZ 0.0.0.0 0.0.0.0

If you are already using the default route and it looks like you might be ie.

"Note: i all ask bellow:

-route outside 0.0.0.0 0.0.0.0 10.10.10.1"

then you can't use that one. The default route has to be used for the Internet, unless you want to add routes for every single Internet destination !!!!

So you will have to add specific routes for your branch sites.

Jon