Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Newbie Static Routing Issue

Hello all,

Having no previous Cisco experience, I'm really struggling to get to grips with what should be a very simple staic route configuration on an ASA 5505.

Basically,I'm using the ASA5505 as my default gateway, however I have another router (Speedtouch 608WL) which serves a site to site VPN to another office. I've configured a static route point as per the attachment however, I cannot access resource on the remote network. is there something really simple that I'm missing. Please accept my apologies for many lack of basic understanding on how these devices work, I've been thrown i the deep end big time on this one. Any help you cold provide, even if it's pointing me in the direction of some tutorials or other resources ould be greatly appreciated.

Many Thanks


Cisco Employee

Newbie Static Routing Issue


There are few things you might want to check.

1) Is the next hop the IP of the router and is it reachable from the ASA?

2) On the router, is the VPN up in the first place.

It would be nice to have a topology diagram. Can you provide one?



New Member

Newbie Static Routing Issue

Many thanks for your response.

Yes, is the IP address of the router servicing the IPSec VPN to the network. Another Idenitcal Speedtouch is at the other end. If I change my default gateway address to I can access all the resources on the network - which leads me to believe VPN is operational.

If I ping from the ASA I get the following response:

However, If I try to ping the router at the other end of the gateway ( from the adsm I get the following response:

Please find a very crude network diagram overview diagram below:

Many Thanks for your help thus far. Please let me know if you need any further information.

New Member

Newbie Static Routing Issue

Forgot to say, the double arrow denotes a IPSec VPN between sites. Thanks again.


Newbie Static Routing Issue


the static route you entered is wrong because the network is not on the inside interface but the outside one.

Where is the inside network communicating through VPN located? Which device is doing NAT ?

Can you post config of ASA and router.



Don't forget to rate helpful posts.
New Member

Newbie Static Routing Issue

Thanks Alain.

I might not have a full understanding, and could be wrong, but I was sure it was on the Inside interface, as it's connect via a switch on port 2 (which is configured as Inside). Am I wrong?

Unfortunatley I cannot post the full config for the Speedtouch as it's managed by a third party. I could get the config sent over, howver , it could take a couple of days. Though RE said router, as soon as I make the Speedtouch my Default gateway I can access all the nessecary resources. In my understanding (and appreicate I could be wrong) doesn't that point to it performing it's role correctly.

Thanks again for your help. Please find the config for the ASA below:

Result of the command: "show running-config"

: Saved


ASA Version 8.3(1)


hostname ciscoasa

enable password uHrzqROQ0KCd5V0G encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS



dns server-group OpenDns



dns-group OpenDns

object network obj_any


pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat (inside,outside) source dynamic any interface


object network obj_any

nat (inside,outside) dynamic interface

route inside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

dhcp-client client-id interface outside

dhcpd auto_config outside


dhcpd address inside


threat-detection basic-threat

threat-detection statistics host number-of-rate 3

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept



class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options


service-policy global_policy global

prompt hostname context


: end


Newbie Static Routing Issue


I might not have a full understanding, and could be wrong, but I was  sure it was on the Inside interface, as it's connect via a switch on  port 2 (which is configured as Inside). Am I wrong?

looking at your config you are not wrong indeed but why did you connect the inside interface of the ASA to the router?

This should be connected through outside to the router as the router is connected to the outside world otherwise what is the use of the firewall?

What is connected to outside then? as I see you receive an IP address on outside from a DHCP server along with a default route ? Where are the other devices connected to?



Don't forget to rate helpful posts.
New Member

Newbie Static Routing Issue

Thanks for getting back to me. the DHCP address asigned to the outside interface is from the ISP. The ASA is connected directly to a cable modem.

The speedtouch connecting the network to the network is in a differnet buidling (Where the cable modem come ine) that can only be accessed via the local network/inside interface (fibre connect buildings and my switches will not VLAN). Maybe I haven't given the best description of what I'm trying to achieve.

I'd like for all traffic sent to (the ASA) sent to the network to be routed through the Speedtouch's ( existing VPN connection. This VPN is definitley working and I can create static routes to this network from other devices (a Draytek router). However, I cannot get ASA to communicate with it.

Is there a differnet way I shoudl be setting the static route up?

Hope that makes sense. Please let me know if you need any further information.

Many Thanks .