
Strange static route issue.

joe.cornelson
Level 1

This is a routing question. I have seen this before on routers and on firewalls. Can someone explain why this happens or how I might go about debugging this?

We have a data center and part of the diagram is below.

We have a server that has to go through a Cisco 506 to another server connected to the 3750. This is behind an ASA5510. I have a static route on the 506 pointing to the 172.20.4.0/24 network which is on the 3750. If I have just an ip route 172.20.0.0/20 on the 506, the server can't connect with the device on the 172.20.4.0/24 network. However, if I add or only have the ip route 172.20.4.0/24 on the 506... traffic passes through just fine.

There is no outgoing access list. It just seems that the /20 should work. Is there a good reason for this to happen?

Has anyone else seen this?

Server-----Cisco506-----3750----Cisco ASA5510----

Firewall has 2 static routes shown below:

1. ip route 172.20.0.0/20

2. ip route 172.20.4.0/24

3750 has several networks

1. 172.20.1.0/24

2. 172.20.2.0/24

3. 172.20.3.0/24

4. 172.20.4.0/24

Thanks,

Jim

3 Replies

kamal-learn
Level 4

Hi,

Can you upload the show ip route of your CISCO506?

Is ip classless enabled on the cisco506?

Do you have other subnets of the network 172.20.0.0 in the cisco506?

Thanks

keduncan
Level 1

It's acting like your mask is 255.255.254.0 where the 172.20.4.0 is not included in the static route... but with a /20 you should be OK

can you get to the other subnets .1, .2, and .3??

Thank goodness I am only half crazy.

It does work with the 255.255.240.0 netmask. On rare occasions I will mistype something repeatedly even though I am staring at the keyboard. I think that is what must have happened. I appreciate your answer... made me retry it.

This pix is unusual in that there is no config on it for nat (inside) 1 or nat (inside) 0. We do a static translation going into it from the outside. At some point... I must have panicked.

Thanks
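
The mask arithmetic behind this thread, as an added example that is not from any of the posters: it checks which of the 3750's subnets a static route covers with the 255.255.254.0 mask suggested in the reply versus the 255.255.240.0 mask that worked, and does a longest-prefix lookup. The host 172.20.4.10 and the three route tables are constructed for illustration.

```python
import ipaddress

def parse_route(dest, mask):
    """Destination + dotted mask -> network; strict=True rejects stray host bits."""
    return ipaddress.ip_network(f"{dest}/{mask}", strict=True)

def lookup(routes, host):
    """Longest-prefix match: most specific route containing host, or None."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r]
    return max(matches, key=lambda r: r.prefixlen, default=None)

def uncovered(routes, subnets):
    """Subnets that are not fully contained in any route."""
    missing = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        if not any(net.subnet_of(r) for r in routes):
            missing.append(s)
    return missing

# Networks on the 3750, as listed in the question.
SUBNETS = ["172.20.1.0/24", "172.20.2.0/24", "172.20.3.0/24", "172.20.4.0/24"]

# Constructed route tables (destination, mask); no next hop is modelled.
MISTYPED = [parse_route("172.20.0.0", "255.255.254.0")]          # really a /23
INTENDED = [parse_route("172.20.0.0", "255.255.240.0")]          # the /20
BOTH = INTENDED + [parse_route("172.20.4.0", "255.255.255.0")]   # /20 plus /24

HOST = "172.20.4.10"  # constructed host on the 172.20.4.0/24 network

def report():
    """One line per table: matching route for HOST and any unreachable subnets."""
    lines = []
    for name, table in (("mistyped", MISTYPED), ("intended", INTENDED), ("both", BOTH)):
        lines.append(f"{name}: {HOST} -> {lookup(table, HOST)}, "
                     f"uncovered={uncovered(table, SUBNETS)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

With a 255.255.254.0 mask only 172.20.1.0/24 is covered, which is why asking whether .1, .2 and .3 are reachable separates a mask typo from a real /20 problem.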
