Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static Route

Hello, I'm a little newbie with Routing Device,


I had several Public IP

I had a Cisco Pix 501and want to replace it by a Cisco SA540


my Wan IP on Pix 501 is 195.68.x.z
my Lan IP on Pix 501 is 62.23.a.b (and 62.23.a.c ,...)


My Pix 501 Translation rules is : inside interface|inside:any:0.0.0.0|outside interface| same as orginal address
My Pix 501 Static route : outside |Ip address 0.0.0.0|Netmask 0.0.0.0|Gateway IP 195.168.x.y|Metric 1


So when a computer with 62.23.a.X want to acces to internet the static route tell it to throuw the Gateway IP 195.168.x.y (as I undestand)

I have to replicate this config to my SA540

So via the Web GUI, I configure the Wan and Lan IP
, then in routing menu I check "Classical Routing" then I go to Static Menu in order to add the same route as in my Pix 501, but I can't put 0.0.0.0 in iP address nor in IP Subnet Mask.

Can anyone help me ?

Thanks a lot.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Hello,

I hope this finds you doing well.  Just figured I would add a few minor things here ...

You probably saw this, however ... here is the link to the SA500 page:

https://www.myciscocommunity.com/docs/DOC-10526

Yes, when you configure the device as a router, then you have to configure all the routing.  You might try to remove the routes and readd them.

Also, a little off the subject, but if you wanted to stick with an ASA5505, there used to be a tool that would convert your PIX configus to ASA.  I do not remember where this link is now ... but it used to make the transition fairly simple.

After you configure the routing, from your internal machine, have you tried a trace route?  Upon which device does the traceroute fail?

In case you wish to speak to a support rep, here is the link to find the correct number:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

HTH,

Andrew Lee Lissitz

Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Well ... now that this is performing classical routing, basically you need to add whatever routes are needed for connectivity.  ;-)

Any internal networks will have to be route'able and you will also need a default route pointing to the uplink / service provider.

Does this make sense?  If you find this getting a little 'fuzzy', feel free to post follow up questions here or call a support rep via the link I pasted earlier in this post.

HTH,

Andrew

11 REPLIES

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

The PIX and SA500 work differently and are configured differently.  Often, you don't configure a PIX and IOS in the same fashion because they use a different configuration.

From what I have read that you are trying to do.  The SA540 has a default route to go out through the WAN port.  If you look at the routing table under the diagnostics page, I think you will see a route with 0.0.0.0 and subnet of 0.0.0.0 going to the default GW of your router.

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Thanks Steven for you answer.

So you mean , for what I want, I don"t have to put a static route ? because when I check "Classical Routing" I don't have access to the Internet.

I think I forgot something.

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Whatever I set : NAT or CLASSICAL ROUTE my Router Options in Diagnostic menu is :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.1       localhost       255.255.255.255 UGH   1      0        0 lo
92.103.214.164  *               255.255.255.252 U     0      0        0 eth1
92.103.213.168  *               255.255.255.248 U     0      0        0 bdg1
92.103.213.168  roubaix         255.255.255.248 UG    1      0        0 bdg1
default         92.103.214.165  0.0.0.0         UG    0      0        0 eth1

when I select NAT I can access to the internet, when I select CLASSICAL ROUTE I don't have any access.

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

routage_internet_cisco_540.jpg

Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Hello,

I hope this finds you doing well.  Just figured I would add a few minor things here ...

You probably saw this, however ... here is the link to the SA500 page:

https://www.myciscocommunity.com/docs/DOC-10526

Yes, when you configure the device as a router, then you have to configure all the routing.  You might try to remove the routes and readd them.

Also, a little off the subject, but if you wanted to stick with an ASA5505, there used to be a tool that would convert your PIX configus to ASA.  I do not remember where this link is now ... but it used to make the transition fairly simple.

After you configure the routing, from your internal machine, have you tried a trace route?  Upon which device does the traceroute fail?

In case you wish to speak to a support rep, here is the link to find the correct number:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

HTH,

Andrew Lee Lissitz

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Thank you Andrew for your answer.

I will check for the ASA 5505.

I don't have any static route, what route do I have to add ?

Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Hello,

Yep, the ASA product line is a very powerful FW, and I would suggest looking at this for any PIX replacement.

Here is the link for the user guide, look to the network / routing section:

http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA_500_Series_AG_OL-19114-01.pdf

This is a large pdf so it may take a few minutes to load.

Once you configure this device as classical routing, the SA500 will assume that you will configure the routing and so you will need to add the appropriate static routes.

Kindest regards,

Andrew

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Thanks, Andrew , this is my problem, which route do I have to add ?

Thanks for your help

Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Well ... now that this is performing classical routing, basically you need to add whatever routes are needed for connectivity.  ;-)

Any internal networks will have to be route'able and you will also need a default route pointing to the uplink / service provider.

Does this make sense?  If you find this getting a little 'fuzzy', feel free to post follow up questions here or call a support rep via the link I pasted earlier in this post.

HTH,

Andrew

New Member

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

Following your link I have called Cisco suport and opened a Ticket. Thanks

My service providers gateway assigned to me is 92.103.214.165. I have set this on my WAN settings. It works when using NAT.

But when I use Classical Routing, it doesn't work. On my old pix 501 I had only one Static Route :

Cisco_Pix_501.jpg

But on my Cisco SA540 I can't add 0.0.0.0 IP.

Bronze

Re: Cisco SA540 - Classical Routing Problem - 0.0.0.0 in static

I read this earlier in the post ... not sure why you can't add a default route.  Might be best to wait till the support rep can look at this with you.  IMO, this should not be an issue ... unfortunately I do not have one here to test with.

Do please let me know how you make out with support.  Kindest regards,

Andrew

2559
Views
0
Helpful
11
Replies