2911/k9 lose static routing table entry

Similar Messages

• CVP - SIP Proxy (Route Table entries)

  I'm having little luck finding information on adding entries to the Route Table in Cisco SIP Proxy (8.5). I understand how to add a basic entry but what I really need to know is what wildcards are available to be used for the Key entries? Would these be the same as wildcards in IOS dial peers? If so, is there something that explicitly states this? Hopefully I'm just overlooking something obvious in the guide. Any help is appreciated!

  I understand you are talking about "Local Static Routes" on the SIP tab of the CVP Call Server Configuration.
  From the CVP OAMP page, on the Help menu you can find information about the content of the page where you are, Help -> This Page.
  This is taken from CVP 8.0, but you should have something similar for 8.5:
  Valid Formats for Dialed  Numbers
  Valid dialed number patterns are the same as for the ICM label  sizes and limitations, including:
  Use the period  (.) or the X character for single-digit  wildcard matching in any position.
  Use the greater than  (>), asterisk (*), or exclamation  (!) character as a wildcard for 0 or more digits at the  trailing end of a DN.
  Do not use the character T for wildcard matching
  Dialed numbers  must not be longer than 24 characters
  Pattern matching is  applied from top to bottom of a list of DNs, with the result being the first  match in the list, even if a more specific pattern would match further down the  list.
  Exact pattern matches take precedence over wildcard  matches, regardless of the position of the DN in the list.

• ASA 5505 Logging Issue - Warning: Configured logging host interface conflicts with route table entry

  I am getting this warning on my ASA 5505 when I try to set up logging from my off site FW to the central FW, which is a 5510. What I am trying to do is send the FW logs through the VPN Tunnel into the central 5510 to our logging server at 192.168.22.99, but allow all other traffic out the outside interface so customers can hit our web servers down there. Here is an example of my config with fake IP's. I get this error when trying to do "logging inside host 192.168.22.99". If I try to put in "logging Tunnel host 192.168.22.99" I get the "Warning:Security Level is 1" message
  5505
  ethe0/0
  desc To LA ISP (217.34.122.1)
  switchport access vlan2
  ethe0/1
  desc To Redwood City HQ via VPN Tunnel
  switchport access vlan1
  ethe0/2
  desc To Internal Web Server
  switchport access vlan3
  VLAN1
  desc Tunnel to HQ
  ifinterface Tunnel
  security level 1
  217.34.122.3 255.255.255.248
  VLAN3
  desc Internal Web Server
  ifinterface inside
  security level 100
  192.168.0.1 255.255.255.0
  access-list LosAngeles extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0
  (No access-group is performed, as I match from the crypto map instead since I have multiple sites going out of HQ - see HQ configs)
  route Tunnel 192.168.22.0 255.255.255.0 65.29.211.198
  crypto map TO-HQ 10 match address LosAngeles
  crypto map TO-HQ set peer ip 65.29.211.198
  5510 at HQ
  access-list LA extended permit ip 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0
  (again no access-group, since I have a couple other off sites)
  crypto map TO-LA 20 match address LA
  crypto map TO-LA 20 set peer ip 217.34.122.3

  Hi Jouni,
  I have the following configs in place with fake IPs
  5505
  1 outside interface with security level 0 (vlan1 direct connect to isp 217.33.122.2/30) - goes to ISP
  1 Tunnel interface with security level 1 (vlan 2 direct connect to isp 217.33.122.6/30) - goes to Tunnel to our 5510
  1 inside interface with security level 100 (servers connected to hub, with vlan3 ip of 192.168.0.1)
  access-list LosAngeles extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0 - acl to 5510 inside network
  route outside 0.0.0.0 0.0.0.0 217.33.122.1 - route for all traffic (except for 192.168.22.0/24) to take the outside connection
  route Tunnel 192.168.22.0 255.255.255.0 65.29.211.198 - route for 192.168.22.0 destined traffic to take the Tunnel connection
  crypto map  TO-HQ 10 match address LosAngeles
  crypto map TO-HQ 10 set peer ip 65.29.211.198
  tunnel-group 65.29.211.198 type ipsec-l2l
  5510
  1 outside interface with security level 0 (vlan1 direct connect to isp 65.29.211.198) - goes to isp
  1 inside interface with security level 100 (vlan2 connection to corporate servers and SIP 192.168.22.0/24)
  access-list LA extended permit ip 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0
  access-list OUTBOUND extended permit icmp host 217.33.122.6 host 192.168.22.99 (allows Nagios monitor to ping the DE interface
  access-group OUTBOUND in interface outside
  nat (inside,outside) static 192.168.22.99 interface destination static 217.33.122.6
  route outside 192.168.0.0 255.255.255.0 217.33.122.6
  crypto map TO-LA 20 match address LA
  crypto map TO-LA 20 set peer ip 217.33.122.6
  tunnel-group 217.33.122.6 type ipsec-l2l
  I am mistaken on the 5510 interfaces. They do not have vlans, and the IP address is directly applied to the interfaces for outside and inside.

• SMTP routing table does not seem to be working correctly.

  Why isn't the SMTP routing table working properly?
  <P>
  First, make sure you have the routing table setup correctly.
  Entries in the Routing table are in the following format:
  <P>
  <incoming recipient domain>:<route to this host>
  <P>
  For example, if you want all mail addressed to [email protected]
  to be routed to mailhost1.realdomain.com, you would add the following
  line to the SMTP routing table:
  <P>
  virtualdomain.com:mailhost1.realdomain.com
  <P>
  With the above option, any mail coming in addressed to <anyone>@virtualdomain.com
  will be routed to mailhost1.realdomain.com. The recipient email
  address will not be re-written, so mailhost1.realdomain.com needs to
  accept mail addressed to the original address, @virtualdomain.com,
  even though it is in realdomain.com.
  <P>
  Before adding, changing or deleting any SMTP routing table entries, double-check
  with the DNS Administrator that the host names you specify are valid,
  registered host names. If in doubt, you can use IP addresses for the
  "route to" host, but not for the "incoming recipient domain".
  <P>
  Wild cards can be used in mail routing table options, but they indicate that a
  hostname <B>will</B> fill that spot. For example:
  <P>
  *.domain.com:mailserver1.domain.com
  <P>
  In the above example, any mail addressed to <anyone>@<anyhost>.domain.com
  will be routed to mailserver1.domain.com. However, mail addressed to
  <anyone>@domain.com will not be routed. To fix this, add this
  line:
  <P>
  domain.com:mailserver1.domain.com
  <P>
  <B>Note:</B> You cannot use the SMTP routing table to route all mail
  addressed to a specific domain to a specific account. You would need to use
  a "Mail Pool" account for this, which is only available in Messaging Server
  3.5+.

  is this entry valid for routing table in nms v 4.15 p6
  * : anotherhot.mydomain.com:5000
  assuming that my anotherhost is listening and accepting on port 5000 for smtp connections. and i wanna forward all the mails to that host
  regards
  Prashant

• Cisco UC560 Not Clearing Static Routes When VPN Connections Drop

  We have a Cisco UC560 (UC560-FXO-K9) running "Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M),
  Version 15.1(2)T2, RELEASE SOFTWARE (fc1)"  The issue is when we have end users connecting with the Cisco VPN Client to this device sometimes we are unable to connect to any devices on our LAN or sometimes we can't connect to the LAN on the other end of our site-to-site VPN.  The one symptom I've observed when this happens is that old VPN sessions that have disconnected appear to leave static routes from the user's outside IP at their home to an IP on our LAN to a Virtual-Access interface.  When this starts to happen, I restart the firewall to clear out the stale static routes and the problem is fixed, for a while at least.  Below is the current state where we have the site-to-site VPN connected to our branch office and 2 user's connected with Cisco VPN clients.  Below that is the static route table which has 5 total Virtual-Access interface routes (one is an extra route for a user currently connected so that their outside IP is in the static route table with 2 inside IP's associated.)  Is there a way to fix the cleanup of VPN connections when they terminate?
  #sh crypto isakmp peers
  Peer: <branch office outside IP> Port: 500 Local: <firewall's outside IP>
  Phase1 id: <branch office outside IP>
  Peer: <users's outside IP #1> Port: 50420 Local: <firewall's outside IP>
  Phase1 id: EZVPN_GRP_437
  Peer: <user's outside IP #2> Port: 49345 Local: <firewall's outside IP>
  Phase1 id: EZVPN_GRP_437
  Bugsy#sh ip ro st
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
         + - replicated route, % - next hop override
  Gateway of last resort is <next hop of ISP for firewall> to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via <next hop of ISP for firewall>
        10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
  S        10.0.0.153/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
  S        10.0.0.155/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
  S        10.0.0.156/32 [1/0] via <user's outside IP #2>, Virtual-Access3
  S        10.0.0.158/32 [1/0] via <user's outside IP #1>, Virtual-Access3
  S        10.0.0.159/32 [1/0] via <user's outside IP #2 again>, Virtual-Access2
  S        10.1.10.1/32 is directly connected, Vlan90

  Hi Brian,
  This sounds like you are running into the following known issue:
    CSCtl03682 - EzVPN client: Several RRI routes  pointing to same virtual interface
  which is Dup'd to:
    CSCtf39056 - RRI routes not deleted
  This is fixed since 15.1(2)T4, so I would recommend upgrading to SWP 8.2 or higher.  The only other way to clean up the stuck routes is to reload the router.
  Thanks,
  Brandon

• Connectivity problem with WRT610N v1 due to routing table issue

  Greetings!
  I have a puzzling issue with my new WRT610N.It is currently used as an access point so it's IP address is not the default 192.168.1.1 and instead 192.168.1.253.
  After a month of use, internet connectivity via wireless has stopped working. My wireless clients can  connect to it via WPA2 but it cannot reach my gateway, i.e., I cannot ping 192.168.1.1 to get out to the internet.
  After checking all its settings, I've found that  it's routing table for the LAN & Wireless interface has a gateway of 0.0.0.0. Comparing this with an old WRT54G, the gateway should be the IP of the WRT610N, i.e., 192.168.1.253.
  The obvious solution would be to delete the invalid routing table entry, but the router's web interface does not provide that capability. I've tried entering a manual route entry of Destination LAN IP = 192.168.1.0, Subnet Mask = 255.255.255.0, Gateway = 192.168.1.253, Interface = LAN & Wireless but the router rejects it as an invalid route.
  The last attempt is applying the latest firmware but the gateway 0.0.0.0 issue still persists.
  Thanks in advance for the comments and suggestions.

  Since you have upgraded the firmware of your Router, Have you resetted your Router and re-configure all the settings on your Router back again. If not then Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
  Here are some wireless settings which you can set on your Router. 
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...Leave username blank & in password use admin in lower case...
  For Wireless Settings, please do the following : -
  Click on the Wireless tab
  -Here select manual configuration...Wireless Network mode should be mixed...
  -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbours network...
  - Set the Radio Band to Wide-40MHz and change the Wide channel to 9 and Standard Channel to 11-2.462GHz...Wireless SSID broadcast should be Enabled and then click on save settings...
  Please make a note of Wireless Network Name (SSID) as this is the Network Identifier...
  For Wireless Security : -
  Click on the Sub tab under Wireless > Wireless Security...
  Change the Wireless security mode to WPA, For Encryption, select AES...For Passphrase input your desired WPA Key. For example , MySecretKey , This will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.
  NOTE : Passphrase should be more that 8 characters...
  Click on Advanced Wireless Settings
  Change the Beacon Interval to 75 >>Change the Fragmentation Threshold to 2304 Change the RTS Threshold to 2307 >>Click on "Save Settings"...
  Now see if you can locate your Wireless Network and attempt to connect...

• Strange entries in WRT400N Routing Tables

  I was trying to setup some static routes (unsuccessfully) when I noted some wierd entries in the routing table shown when clicking the "Show Routing Table" button in the Advanced Routing section of Setup. The entries are:
  Destination LAN IP              Subnet Mask                 Gateway                     Hop Count          Interface
  151.164.184.120           255.255.255.255                      *                               1                      Internet (WAN)
  192.168.207.0                255.255.255.0               192.168.207.1                  1                      LAN & Wireless
  239.0.0.0                         255.0.0.0                                     *                              1                      LAN & Wireless
  127.0.0.0                         255.0.0.0                         192.168.207.1                 1                      LAN & Wireless
  default                              0.0.0.0                            151.164.184.120             1                      Internet (WAN)
  I am concerned about the entries in bold format. The address 151.164.184.120 resolves to some area in Texas although I wasn't able to find more. Any idea what this could be? Should I be concerned?
  Thanks.

  You have PPPoE connection. You are connected to the PPP server 151.164.184.120 at your ISP. The first route says that the 151.164.184.120 is connected to the WAN interface. The default route says that your internet connection goes to the PPP server of your ISP.

• No entries in my Host Routing table

  I got the phone from Cincinnati Bell in USA and registered the phone with Etisalat Nigeria, it worked for about 7 months and stopped working and when i checked the Host routing Table i found no entries. My PIN:29BA62F7 and my IMEI No:358807040132108. Please help.

  On the handset, go to:
  For OS5 and 4.x
  Options - Advanced Options - Host Routing Table
  and click Register now, and escape back to the home page.
  For OS6 and higher
  in options, device , advanced, host routing table, click on menu and choose register now.
  Wait 2 minutes and see if registration to network happens.
  Resend your service books from your carrier BIS site:
  From your handheld device: http://www.blackberry.com/btsc/KB15402
  Go to the Personal Email Set Up icon and log in. Then under Help!, select Service Books, then select Send service Books.
  From your desktop PC: http://www.blackberry.com/btsc/KB02830
  North American Carriers - scroll down to select your carrier
  WorldWide Carriers - Find your carrier on the list
  3. With the BlackBerry device powered ON, remove the battery a few seconds and then reinsert the battery to reboot. This reboot, even if you have already done this, is often needed to install the service books.
  Click here to Backup the data on your BlackBerry Device! It's important, and FREE!
  Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
  Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
  BESAdmin's, please make a signature with your BES environment info.
  SIM Free BlackBerry Unlocking FAQ
  Follow me on Twitter @knottyrope
  Want to thank me? Buy my KnottyRope App here
  BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V

• Eem script monitor routing table - multiple entries into 1 email

  I have the following script running to report on routing table changes
  event manager applet route-table-monitor
  event routing network 0.0.0.0/0 ge 1
  action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
  action 1.0 syslog msg "$msg"
  action 2.0 cli command "enable"
  action 4.0 info type routername
  action 5.0 mail server "10.*.*.*" to "roger.perkin@****" from "Switch1" subject "Routing Table Change" body "$msg  $_cli_result"
  It works perfectly however if multiple routes change I get multiple emails.
  Last night we had a site go out and I got about 20 separate email for each subnet change.
  What I would like to do is get this script to take all routes changed in a 1 minute interval and then output them into an email.
  Not quite sure how I would go about that?
  Thanks
  Roger
  Currently studying for my CCIE and just started on EEM, have not done much scripting before so this is all good stuff to know.

  You can't do this with one policy.  However, you could accomplish this with a timer policy that will batch up the pending updates, though.  Something like this would work.
  event manager applet route-table-monitor event routing network 0.0.0.0/0 ge 1 action 0.5 set msg "Route changed: Type: $_routing_type, Network:  $_routing_network, Mask/Prefix: $_routing_mask, Protocol:  $_routing_protocol, GW: $_routing_lastgateway, Intf:  $_routing_lastinterface" action 0.6 syslog msg "$msg" action 1.0 handle-error type ignore action 2.0 context retrieve key RTRCTXT variable msgs action 3.0 if $_error ne FH_EOK action 4.0  set msgs "$msg\n" action 5.0 else action 6.0  append msgs "$msg\n" action 7.0 end action 8.0 handle-error type exit action 9.0 context save key RTRCTXT variable msgs!event manager applet route-table-batcher event timer watchdog time 60 action 1.0 handle-error type ignore action 2.0 context retrieve key RTRCTXT variable msgs action 3.0 if $_error eq FH_EOK action 4.0  info type routername action 5.0  mail server "10.*.*.*" to "roger.perkin@****" from "$_info_routername" subject "Routing Table Change" body "$msgs" action 6.0 end action 7.0 handle-error type exit

• How do you promote a static route over a directly connected?

  Hi all,
  I have a need for a static route to be used instead of a directly connected route. (Long story - involving firewalls and anti-spoofing.. but can go further if required)
  I am using a Cisco 3750 switch. I notice directly connected routes have a metric of 0, and the highest metric I can give a static route is 1.
  Therefore, how is it possible for me to make the switch use the static route and not the directly connected?
  Any help would be appreciated!
  Cheers,
  Ben

  Hi Rick,
  Thanks for your patience.
  Maybe I should start again.
  Initially we had 16 VLANs within the 10.0/16 address space. We have some Cisco 3750's connected by dark fibre accross a couple of kms and then lower access switches all hanging of these by some means. The network is flat.
  We have a checkpoint firewall hanging off one of the 3750s connected using a TRUNK port. The firewall has an IP address on all VLANs and is used to route traffic between VLANs based on its ruleset.
  So if I have a user in VLAN 10 who wants to talk to VLAN 20, they travel to the firewall, if a rule permits the access, the firewall routes the packet on to VLAN 2 and the switches deliver at Layer 2.
  The switches all have their default VLAN 1 disabled, and have an IP address on our management VLAN to allow us to manage the switches.
  Its quite important that this IP is on a secured management VLAN as we don't want just anyone being able to snoop switch logins etc..
  If we need to login to a switch, the firewall routes our traffic from whatever VLAN we are on to the Management VLAN.
  One of our VLANs (the Desktop VLAN) is quite large (approx 1300 hosts) and suffers a great deal from too much arp broadcast traffic.
  As we have a flat switched network across several kms, the cost of putting in routers to subnet this large VLAN is excessive.
  However, the 3750's we have are perfectly capable of routing between VLANs, so we decide to create a load of new VLANs instead of subnetting our large VLAN. We don't want to use the firewall to route between these new VLANs as thats just giving the firewall more to do, and previously all these hosts were on a single subnet, so we have no need for any strict security - at most we can use ACLs on the switches if we even need that!
  So far so good.
  With 1300 hosts, we obviously can't make sudden topology changes. Therefore we need to be able to route between the Desktop VLAN and the new VLANs.
  We therefore introduce the static routes between the firewall and the switches.
  So the firewall says:
  route 10.1.0.0/16 via Multilayer switch IP on 10.1.0.0/16
  The multilayer switch says:
  route 10.0.0.0/16 via Firewall IP on 10.1.0.0/16
  This allows routing perfectly between the Desktop VLAN and the new VLANs.
  However the moment we enable ip routing on the switches we break access between the desktop VLAN and the Management VLAN.
  A packet leaves the desktop VLAN through the default gateway on the firewall. This is then routed to the Management VLAN. The return packet doesn't use the Management VLAN default gateway (firewall), it follows the static route on the switch and ends up at the firewall on 10.1.0.0/16. This is subsequently dropped as the firewall knows the packet hasn't come from the 10.1.0.0/16 network, it originally came from the desktop VLAN on 10.0.0.0/16.
  It might seem we can define a route on the switch to say:
  route 10.0.50.0/24 (management VLAN) via 10.0.50.254 (firewall). However, this would result in all packets from 10.1.0.0/16 being dropped by the firewall.
  The other problem is that if we are on a new VLAN and want to talk to the management VLAN. The packet goes to its default gateway on the switch. The switch says - "I have an IP on the management VLAN, its directly connected" - therefore it ignores the static route, and passes the packet on its way. We have now bypassed the firewall, which is bad.
  Incidentally the return packets get routed through the firewall and dropped, as the original packet didn't come through the firewall, there is no entry in the state table for its return.
  I think if we turned off the management interface on the switch and managed it through the interface on 10.1.0.0/16, I assume everything would work. However, we don't want to do this for a whole load of other reasons I wont go into.
  Im sure there must be a fairly simple solution - I just don't have enough experience!
  Cheers,
  Ben

• IPV6 DHCP stateful doesn't insert local subnet in route table

  I am setting up IPV6 on a LAN using satic IPs for Win2008 servers and DHCP stateful mode for Win7 clients.  All static assigned servers can ping each other and if I setup a static on the Win7 clients they can also ping the servers.  However when I assign DHCP stateful mode IP to the clients they lose the ability to ping the servers.  I think that was is going on is that when the Win7 machines get IP via DHCP they do not get a route in the routing table for the local subnet.  I have included IP info for static and DHCP clients in attachments.
  I figure if I could add the fd:0:0:1::/64 subnet to the DHCP client it would work but I haven't been able to find the correct syntax to add an "on-link" router.  Furthermore, this would kind of defeat the purpose of DHCP if I had to manually add routes to clients.
  I have a UC520 that is the default gateway on the LAN and seems to support IPV6.  Maybe this guy can help me out?
  Thanks in advance.

  Alain,
  I disagree about the /128.  If you look at the static host it also has a /128 route pointing to itself.  Also the IPV4 also shows /32 routes pointing to the local IP.  The static host has one additional route not found on the DHCP client which is the /64 route to the local subnet pointing to "on-link". It is not clear how to add an "on-link" route using netsh but my point is that DHCP should provide all info and relying on manually adding routes is not the optimal solution.
  The UC520 does not have any IPV6 on it.  I only mentioned it because usually I use Windows for DHCP but in this case Windows is giving me this weird behaviour.  I would rather get Windows DHCP to solve the problem but if it can't I would use the UC520 as a backup option.
  Thanks for your input.
  Rgds,
  Diego

• Add localhost to routing table

  Hello, 
  first post, be easy on me
  I would like to add a new entry to my WRTP54G's routing table that would resolve 'localhost' to 127.0.0.1.
  I have tried under SETUP > Advanced Routing > Static Routing
  Route name: localhost
  Destination IP: 127.0.0.1
  Subnet mask: 255.255.255.0
  Gateway: 127.0.0.1
  Hop Count: 0
  Interface: Local 
  to no avail. ( ERROR: Invalid Entry)
  Any help would be appreciated.
  JC  

  That settings are not available on your linksys router and it will not work.

• Static routes

  Hi all, if I had 4 ip subnets with 4 dsl routes on those subnets, and a router in the middle of them all which has interfaces in each subnet, If I point a route say 10/8 to each dsl router, will it load balance by the same ip source address it came from ?

  1. A router always has at least two IP addresses. Otherwise it cannot route traffic. Your E2000 has LAN IP address 10.10.100.1/255.255.255.0 and has a 192.168.0.*/255.255.255.0 address from your main router on the WAN port. Each IP address results in an automatic route entry for the corresponding network, thus you see the 10.10.100.0/255.255.255.0 route for the LAN side and the 192.168.0.0/255.255.255.0 route for the WAN side. The default gateway is the IP address of your main router, i.e. all other IP addresses are sent to the default gateway IP address on the WAN side.
  2. I don't understand why you want to add a static route here. Your E2000 has all the routes it needs.
  3. 192.168.0.1 is an IP address not a network. A network always consists of a network (IP) address and a subnet mask. 192.168.0.0/255.255.255.0 is a network.
  4. A static route for 192.168.0.1/255.255.255.0 with gateway 10.10.100.1 doesn't make any sense on your E2000. 10.10.100.1 is the LAN IP address of the E2000. That means you tell the E2000 to route packets for the network 192.168.0.0/255.255.255.0 to itself. The gateway IP address must always be the IP address of the next hop on the way to the destination. It can never be itself.
  (Sidenote: Technically, some operating systems show the own IP address as gateway when the network is directly connected, i.e. the packet is not routed but delivered directly to the recipient. In that case you would see the own IP address instead of 0.0.0.0 in the gateway column. But that's another representation in the routing table to tell the system that this network is delivered by other means than IP routing, i.e. usually delivered directly through the ethernet LAN network).

• Static Routing - WRT54

  I am using the Advanced Routing section.
  When I initially enter the IP addresses and click Save Settings the assignments work properly.
  When I power down my router and repower it, the assignments no longer work. I must SAVE SETTINGS each time after repowering the router for the assignments to take effect.
  Is there a solution?
  Thanks

  Router: Wrt54G V7 WRT54GV7
  I'm loosing my static routing once a day. That is, the route shows in the Entry list, but not when I click the "Show Routing table" button, and the particular route is not working.
  - I then have to register the route again manually.
  - Every time I register a route, it occupies a position in Entry List (1-20), which soon will be full.
  - I can not delete entries from the list, once that route is lost.
  - Also, when I click "Save Settings" with one of the lost routes selected in "Select set number:" then I'm getting the message "Failed to delete entries"
  Apart from this the box is working, but why could they not stick to Linux ???!?!?
  I think this is a BUG, and should be fixed with a firmware update. I'm using: Firmware Version: v7.00.4.
  I'm having the same problem on 2 equal boxes.
  Anyone else with this problem?
  Any solution?
  Keywords: "Advanced Routing", "Static Routing", "Delete this Entry", "Show Routing table", "Failed to delete entries"

• VPN connection created with CMAK fails to update routing table on Windows 8.1 with error 8000ffff

  When my clients connect their CMAK-created VPN, it fails to run the script to set their routing table with the following error:
  Custom script (to update your routing table) failed (8000ffff)
  My objective is to create a VPN connection with split tunneling - does not use the VPN connection as the client's default gateway.
  All my clients are on Windows 8.1 64-bit, and are logged in with Administrative privileges
  My VPN Clients are on 10.242.2.0/24, my internal network is on 10.172.16.0/24
  I want only traffic for 10.172.16.0 to go via the VPN. Everything else should go via the client's internet connection
  My Connection Manager Administration Kit profile, was created on Windows 2012 R2 CMAK with the following settings:
  "Make this connection the client's default gateway" is UNticked on the IPv4 tab.
  Define a routing table update is specified with a text file containing:
  +++ Start of txt file +++
  REMOVE_GATEWAY
  add 10.172.16.0 mask 255.255.255.0 default metric default if default
  +++ End of txt file +++
  The txt file is saved in DOS/Windows format (not Unicode or UTF-8 which I've read causes problems)
  I've tried everything in lower and upper case in the txt file after reading that the file might be case sensitive
  The following appears on the client with logging enabled:
  [cmdial32] 10:42:34
  03 Pre-Init Event       CallingProcess = C:\WINDOWS\system32\rasautou.exe
  [cmdial32] 10:42:40
  04 Pre-Connect Event    ConnectionType = 1
  [cmdial32] 10:42:40
  06 Pre-Tunnel Event     UserName = UserName Domain =  DUNSetting = VPN (L2TP x64 NoGW) Tunnel DeviceName =  TunnelAddress = vpn.mydomain.tld
  [cmdial32] 10:42:43
  07 Connect Event
  [cmdial32] 10:42:43
  09 Custom Action Exe    ActionType = Connect Actions Description = (none) ActionPath = CMDL32.EXE. The program was launched successfully.
  [cmdial32] 10:42:43
  08 Custom Action Dll    ActionType = Connect Actions Description = to update your routing table ActionPath = C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections\Cm\VPN64\CMROUTE.DLL ReturnValue
  = 0x8000ffff
  [cmdial32] 10:42:43
  21 On-Error Event       ErrorCode = -2147418113 ErrorSource = to update your routing table
  [cmdial32] 10:42:43
  13 Disconnect Event     CallingProcess = C:\WINDOWS\system32\cmdial32.dll
  Where can I find out what error codes 8000ffff or -2147418113 mean?

  That was it. Thanks, Steven
  "By default, the dial-up entry and the VPN entry have Make this connection the default gateway selected.
  Leave this default in place, and remove any gateways by using the REMOVE_GATEWAY command in the routing table update file itself."
  It seems counter-intuitive to leave
  Make this connection the default gateway selected, when I specifically don't want that behaviour, but leaving it selected and using REMOVE_GATEWAY works for me.