01-05-2007 11:55 AM - edited 03-03-2019 03:16 PM
This is a routing question. I have seen this before on routers and on firewalls. Can someone explain why this happens or how I might go about debugging this?
We have a data center and part of the diagram is below.
We have a server that has to go through a Cisco 506 to another server connected to the 3750. This is behind an ASA5510. I have a static route on the 506 pointing to the 172.20.4.0/24 network which is on the 3750. If I have just an ip route 172.20.0.0/20 on the 506, the server can?t connect with the device on the 172.20.4.0/24 network. However, if I add or only have the ip route 172.20.4.0/24 on the 506?.traffic passes through just fine.
There is no outgoing access list. It just seems that the /20 should work. Is there a good reason for this to happen?
Has anyone else see this?
Server-----Cisco506-----3750----Cisco ASA5510----
Firewall has 2 static routes shown below:
1. ip route 172.20.0.0/20
2. ip route 172.20.4.0/24
3750 has several networks
1. 172.20.1.0/24
2. 172.20.2.0/24
3. 172.20.3.0/24
4. 172.20.4.0/24
Thanks,
Jim
Solved! Go to Solution.
01-05-2007 12:47 PM
It's acting like your mask is 255.255.254.0 where the 172.20.4.0 is not included in the static route... but with a /20 you should be OK
can you get to the other subnets .1, .2, and .3??
01-05-2007 12:19 PM
hi
can u upload the show ip route of ur CISCO506?
is the ip classless is enabled on the cisco506?
do you have others subnets of the network 172.20.0.0 in the cisco506 ??
thankx
01-05-2007 12:47 PM
It's acting like your mask is 255.255.254.0 where the 172.20.4.0 is not included in the static route... but with a /20 you should be OK
can you get to the other subnets .1, .2, and .3??
01-05-2007 01:13 PM
Thanks goodness I am only half crazy.
It does work with the 255.255.240.0 netmask. On rare occasions I will mistype something repeatedly even though I am staring at the keyboard. I think that is what must have happened. I appreciate your answer.....made me retry it.
This pix is unusual in that there is no config on it for nat (inside) 1 or nat (inside) 0. We do a static translation going into it from the outside. At some point...I must have pannicked.
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: