Static routes

Hi all, if I had 4 ip subnets with 4 dsl routes on those subnets, and a router in the middle of them all which has interfaces in each subnet, If I point a route say 10/8 to each dsl router, will it load balance by the same ip source address it came from ?

1. A router always has at least two IP addresses. Otherwise it cannot route traffic. Your E2000 has LAN IP address 10.10.100.1/255.255.255.0 and has a 192.168.0.*/255.255.255.0 address from your main router on the WAN port. Each IP address results in an automatic route entry for the corresponding network, thus you see the 10.10.100.0/255.255.255.0 route for the LAN side and the 192.168.0.0/255.255.255.0 route for the WAN side. The default gateway is the IP address of your main router, i.e. all other IP addresses are sent to the default gateway IP address on the WAN side.
2. I don't understand why you want to add a static route here. Your E2000 has all the routes it needs.
3. 192.168.0.1 is an IP address not a network. A network always consists of a network (IP) address and a subnet mask. 192.168.0.0/255.255.255.0 is a network.
4. A static route for 192.168.0.1/255.255.255.0 with gateway 10.10.100.1 doesn't make any sense on your E2000. 10.10.100.1 is the LAN IP address of the E2000. That means you tell the E2000 to route packets for the network 192.168.0.0/255.255.255.0 to itself. The gateway IP address must always be the IP address of the next hop on the way to the destination. It can never be itself.
(Sidenote: Technically, some operating systems show the own IP address as gateway when the network is directly connected, i.e. the packet is not routed but delivered directly to the recipient. In that case you would see the own IP address instead of 0.0.0.0 in the gateway column. But that's another representation in the routing table to tell the system that this network is delivered by other means than IP routing, i.e. usually delivered directly through the ethernet LAN network).

Similar Messages

Default static route and Null 0

Hi Everyone,
Need to clear some doubts for below setup
Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
3550A#                      sh run int fa0/11
Building configuration...
Current configuration : 272 bytes
interface FastEthernet0/11
description OSPF LAN Connection to 2691 Router Interface Fas 0/1
no switchport
ip address 192.168.5.2 255.255.255.254
sh ip route shows
3550A#sh ip route
Gateway of last resort is 192.168.5.3 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
3550A#
All is working fine.
For testing purposes i config below static route on 3550A
ip default-network 192.168.1.0
ip route 192.168.1.0 255.255.255.0 Null0
After above change
3550A#           sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S*   192.168.1.0/24 is directly connected, Null0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
Now i can not ping to internet as below
3550A#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
When we ping from Switch then source IP is always the Outside interface IP right?
So in this case Switch is using which IP as source?
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
Extended ping works fine as below
3550A#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.5.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
Regards
MAhesh

Hi Mahesh,
When we ping from Switch then source IP is always the Outside interface IP right?
That is correct. By default it is always the outgoing interface on the device unless you specify it differently.
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to
Null interface right?
That is correct. Null0 can't be used as next-hop.
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
HTH
Reza

Advertise implicit-null label for static routes

Hi, I want to ask if there is any way to change the label or stop adveritise label for an static route. Normally LDP advertises an Implicit Null label for directly connected routes. We want to do similar thing for static routes.
We need to do this is because somehow we need to do rate-limit on the PE interface connecting to the core network instead of the interface connecting to CE. As the incoming packets still got labelled, the rate-limit is skipped. So we want to stop the PE creates label for the static routes or advertises them with implicit null label. Thanks in advance.

Calvin,
Bear in mind that if you only enter the "no mpls ldp advertise-label" command, LDP will stop propagating all labels, which might not ba what you want. If you selectively want to propagate certain labels, then you need to also use "mpls advertise label for " as Shivlu suggested.
Regards,

Check for Null in Mediator Static Routing filter

Using Expression Builder for Mediator component how can I check the values for NULL in a particular XML element. In my case the XSD is
<xs:complexType name="OdsCadDataSet">
<xs:choice>
<xs:element name="odsCadCase" type="OdsCadCase" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadEvent" type="OdsCadEvent" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadUnitStatus" type="OdsCadUnitStatus"
minOccurs="0" maxOccurs="1"/>
</xs:choice>
</xs:complexType>
I want to check in expression builder of mediator whether odsCase, odsCadEvent, odsCadUnitStatus is been processed. I have three static routing for each element and plan to put filter which checks is odsCadCase is null and so forth. How to have this use case.
Thanks
Edited by: user5108636 on 28/06/2010 00:15

helo, i have same problem here...
I have a xsd:choice on request like this:
<message>
<properties>
<property name="tracking.compositeInstanceId" value="80003"/>
<property name="tracking.ecid" value="0000J1MQVAZBDC^5lVg8yZ1DtZWJ000T5r"/>
<property name="transport.http.remoteAddress" value="10.106.17.137"/>
</properties>
<parts>
<part name="request">
<ns1:parametrosConsultaGuia>
<ns1:guiaCompensacaoRequest>
<ns1:anoGuia>2011</ns1:anoGuia>
<ns1:numeroGuia>314</ns1:numeroGuia>
<ns1:codigoFatoGerador>6</ns1:codigoFatoGerador>
<ns1:codigoPorte>77011</ns1:codigoPorte>
</ns1:guiaCompensacaoRequest>
<ns1:guiaComplementarRequest>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoPorte/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaComplementarRequest>
<ns1:guiaDesarquivamentoRequest>
<ns1:codigoAssunto/>
<ns1:idPessoa/>
</ns1:guiaDesarquivamentoRequest>
<ns1:guiaDividaAtivaRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaDividaAtivaRequest>
<ns1:guiaNormalRequest>
<ns1:codigoEntidade/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaNormalRequest>
<ns1:guiaReferenciaRequest>
<ns1:numeroGuiaPai/>
<ns1:anoGuiaPai/>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoAssunto/>
</ns1:guiaReferenciaRequest>
<ns1:guiaRemanescenteRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaRemanescenteRequest>
<ns1:guiaMultaRequest>
<ns1:codigoEntidade/>
<ns1:dataVencimento/>
<ns1:valorMulta/>
<ns1:percentualDesconto/>
<ns1:percentualAcrescimo/>
</ns1:guiaMultaRequest>
</ns1:parametrosConsultaGuia>
</part>
</parts>
</message>
I tried everything to check if some of the requests are filled but allways mediator returns null:
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaReferenciaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaCompensacao.getGuiaCompensacao"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "$in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaCompensacaoRequest != ''" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaRemanescenteService.getGuiaRemanescente"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaRemanescenteRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaMultaService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaMultaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDividaAtiva.getGuiaDividaAtiva"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDividaAtivaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDesarquivamento.getGuiaDesarquivamento"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDesarquivamentoRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaComplementarService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaComplementarRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaNormalService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaNormalRequest) > 0" resulted false
<payload>

Problems setting up static routing

HI
I'm having a problem setting up static routing. I keep getting the message "invalid static route". I have an E1550 router and my frimware is up to date. I have tried a few different gateway addresses ie 192.168.1.1, 127.0.0.1 and my router's address on the net, but I keep getting the same message. Has anyone else had this problem and been able to fix it?

I think the E1550 router supports LAN to LAN routing provided that you have two local networks. If you only have a plain modem and the E1550, I believe you can't do Static routing on that type of setup. Found this link that might help: http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=12a84336a124498eb5d6f0204b85191e_17589.xml&pid=80&...

Is there a way to add a static route in an Ipod touch ?

I am trying to get the ipod touch to configure correctly for our wireless network.
The wireless side does not provide DNS or DHCP directly . Rather this is done from a different
subnet . This assists to a small extent with our wirless security in that the attacker must also know
routing address and DNS and DHCP addresses to steal web access. In windows or Linux this can be done
by route add (DHCP IP Address) netmask 255.255.255.255 (gateway IP address)
and route add (DNS IP Address) netmask 255.255.255.255 (gateway IP address)
and manually specifying the DNS and DHCP addresses. Even if i manually enter the
the IP address without a simple static route I will not get DNS services across the gateway.
I am no apple expert but route add has been in use since the internet was still on 2 wheels
surely this can still be done ?
Thanks in advance

hi!
have you seen javax.swing.JMenuItem ?
and have a look into
http://java.sun.com/docs/books/tutorial/uiswing/components/menu.html
:)

Setting up static routing in sa520. Im stuck.

Hello,
I finally got my cisco router and all excited about it i tried to set it up. Everything went fine until i wanted a local machine to get its own IP adress that is reachable from the outside.
Basicly i used static IP setting in the wan/ip4v menu. This worked great and with the router assigning dhcp too all computers.
Now all the local computers has internet connection and they share one ip adress on the outside.
As for where im stuck. I have a xserve with 2 networkcards. It runs a FTP server which we use local but we also have customers needing to reach it from the outside. The local FTP works but im having difficulties assigning a outside IP too it. Our ISP has provided 5 different ipadresses.
I have tried to do this in 2 different ways where the second way is preferable.
first try:
Use the optional port as a second wan. give it the same settings as the first wan got but another ip-adress.
Then connect the xserves outside network card directly too that wan port and use dhcp. This did not work.
second try:
Assign a static routing from the wan2(optional port) too the local ipadress for the xserve.
Can someone elaborate on how this should be done?
Thank you.
Edit:
Later today i will try this firewall rule.
http://bildr.no/view/580301
Basicly i want to forward any connections from wan2 too 192.168.1.33 which is my server. Does that look correct?

Thank you for your quick reply.
Im using version 1.1.21.
Im actully quite sure that its a user problem rather then firmware error. It´s the first time i evern touch a Cisco router and i havn´t done that much networking.
I can show you how i did it on my xserve. Maybe you can elaborate on how i can do it the same way.
    redirect_port
            proto
            tcp
            targetIP
            192.168.1.50
            targetPortRange
            80
            aliasIP
            77.40.XXX.220
            aliasPortRange
            8888
Basicly it says push whatever trafic from ip 77.40.xxx.220 too 192.168.1.50 on the local network.
How can i do the same thing on my cisco router? It´s a NAT ip-forward rule.
Edit:
Screenshot shows what i have been trying.
I have chosen optional wan which is set to use another external IP adress but this does not work. It would be so much easier if i could just type in the external IP adress there and use the same gateway, dns as the main WAN.
Added config aswell.
Thank you.

How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
56128's where my static routes are:
ip route 192.168.101.0/24 192.168.30.77 name firewall 250
router eigrp 65100
redistribute static route-map Static-To-Eigrp
route-map Static-To-Eigrp permit 10
match ip address prefix-list Static2Eigrp
ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
Edge device:
router eigrp 65100
network 172.18.0.5 0.0.0.0
network 172.18.0.32 0.0.0.3
network 172.18.0.36 0.0.0.3
redistribute ospf 65100 metric 2000000 0 255 1 1500
redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
passive-interface default
no passive-interface Port-channel11
no passive-interface Port-channel12
eigrp router-id 172.18.0.5
router ospf 65100
router-id 172.18.0.5
log-adjacency-changes
redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
passive-interface default
no passive-interface GigabitEthernet1/0/1
no passive-interface GigabitEthernet1/0/2
no passive-interface GigabitEthernet2/0/1
no passive-interface GigabitEthernet2/0/2
network 172.18.0.0 0.0.255.255 area 0
ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
route-map EIGRP_INTO_OSPF permit 10
match ip address prefix-list EIGRP_INTO_OSPF

So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.

Interworking on Static Routing as IGP

Was testing interworking between Vlan over ethernet and FR. As long as my LDP was on static routing, I couldnt reach end-to-end. The moment i configured OSPF as my routing protocol it came up. Can anyone let me know what the reason could be ?

Gautam,
This is actually normal behavior.
Before the label learnt via an LDP peer is coupled to a route in the FIB, the next-hop IP address of the route needs to match one of the interface IP addresses bound to the LDP peer (see below). So basically it will not work without a next IP address.
r2#sh mpls ldp nei
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.11004 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 27/27; Downstream
Up time: 00:15:07
LDP discovery sources:
Serial3/0, Src IP addr: 192.168.23.3
Addresses bound to peer LDP Ident:
3.3.3.3 192.168.34.3 192.168.23.3 <++++++ the route next hop has to match one of these addresses.
Hope this helps,

IP SLA, Tunnels, and static routes

Here's the scenario: 1 router will have a primary and secondary ISP connection. I set up an SLA to track connectivity on the primary connection. Here are the static routes:
ip route 0.0.0.0 0.0.0.0 Tunnel55 track 10
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/0 track 10
ip route 12.54.X.Y 255.255.255.255 X.15.115.X track 10
ip route 192.168.32.0 255.255.240.0 Tunnel55 track 10
ip route 192.168.48.0 255.255.252.0 Tunnel55 track 10
ip route 192.168.56.0 255.255.255.0 Tunnel55 track 10
ip route 0.0.0.0 0.0.0.0 Tunnel56 254
ip route 12.54.X.X 255.255.255.240 GigabitEthernet0/1 254
ip route 12.54.X.Y 255.255.255.255 X.15.81.X 254
ip route 192.168.32.0 255.255.240.0 Tunnel56 254
ip route 192.168.48.0 255.255.252.0 Tunnel56 254
ip route 192.168.56.0 255.255.255.0 Tunnel56 254
So I shut down the port (gi0/0) belonging to the primary port. At this point, it seemed like it worked fine. The routes shifted over to the backup routes. However, when I re-enabled the port, only two of the routes switched back. The routes pointing to Tunnels stayed on the secondary tunnel. When I browsed my static routes, I saw this:
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S*    0.0.0.0/0 is directly connected, Tunnel56
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S        12.x.x.16/28 is directly connected, GigabitEthernet0/0
S        12.x.y.20/32 [1/0] via x.15.115.x
S     192.168.32.0/20 is directly connected, Tunnel56
S     192.168.48.0/22 is directly connected, Tunnel56
S     192.168.56.0/24 is directly connected, Tunnel56
Is there something special I need to do for Tunnels to allow the Tunnel routes to switch back automatically?

Hello Ken,
I can see you are sending the probe packets to the same object ( using the track ID 10 )
After you bring the interface tunnel up, can you confirm if you can send traffic to that object?
Regards,
Julio

In A Perfect World - Using Static Routes In RRAS 2012 To Traverse Sites

I have site-to-site VPN tunnels between my main sites
NYC <--> UK
NYC <----> SANFRAN
NYC <----> BOSTON
NYC <----> MALTA
UK <----> SANFRAN
UK <----> BOSTON
And could see ALL sites when I had my DA/RRAS server using one of the existing subnets (for example, when I used US VPN on NYC DHCP (192.168.2.x) I was able to see EVERYTHING on any site we had a site-to-site VPN with (i.e. from VPN client I could access
MALTA, UK, SANFRAN, BOSTON).
Alas I had to change that to a different subnet (192.168.145.x) and now only see the 192.168.2.x network in NYC.
Is there a way to add static routes on the NYC & UK DA/RRAS servers so this access is restored? Or would this be solved at the Layer 2/3 network level?
Michael P. O'Hara

No, you need to allow forwarding of broadcast packet, but it's really against the best-practice, as you can kill easilly your satellite link.
I agree with you for wins, as I personnaly does not use it and try to remove it when I see someone use it, but it's the only solution for what you want (network discovery over LAN). (even LLTD is not routable beyond router)
Editted: You need to see all machines, but does the enduser must see them ?
Regards, Philippe
Don't forget to mark as answer or vote as
helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question ? Create a
wiki article about it!

Cannot add static routes wrt350n

Router has latest firmware and was just set to default values. I cannot add a static route, says "static route invalid" no matter what address I input (keeping it simple, trying 192.168.1.XXX)
I have never had this problem with any other router and I'm thinking it's broken. Thought I'd ask here to make sure I wasn't missing a setting before I throw this thing out the window.
Any help would be appreciated.
Thanks, Nick.

Thanks for the help, it is appreciated...
I would like to use a static IP address for my LAN multimedia server, MythTV reccommends a static address for the backend server. I have also always used Static IP addresses for my LAN.
I am a little confused, and my networking is very rusty so please bear with me. Perhaps I have not provided enough information, because I do not fully understand your response. I don't understand how subnetting is relevant.
My network is a simple home network, with one router separating my LAN from the cloud. I have one LAN, no subnetting, 192.168.1.0/255.255.255.0.
Every home router I have used before I have set up the LAN portion like this... And it has always worked in the past...
gateway: 192.168.1.1/24.
static routes 192.168.1.(2-5)/24 for my stationary hosts.
dhcp range 192.168.1.(10-15)/24 for laptops and guests.
In response:
1) Yes it is LAN traffic, but the hosts still need addresses, right? Not sure what you're getting at here.
2) Not sure what you mean... example host 192.168.1.20/24, and the router 192.168.1.1/24are both within the 192.168.1.0/24 network, right? So requests from the cloud are broadcast to all in my LAN, right? How is this relevant?
3) I thought the gateway (on my only router) has to be part of the LAN addressing. By Linksys/Cisco default, the router LAN side gateway is 192.168.1.1/24 and it sends out dhcp addresses to 192.168.1.(100-149)/24.
Am I severly confused or are we just on the wrong page?

Need Help for configuring Floating static route in My ASA.

Hi All,
I need your support for doing a floating static route in My ASA.
I have tried this last time but i was not able to make it. But this time i have to Finish it.
Please find our network Diagram and configuration of ASA
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.3.77 255.255.255.255 inside
http 10.10.8.157 255.255.255.255 inside
http 10.10.3.59 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set cpa esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_cpa 1 match address acl_cpavpn
crypto map vpn_cpa 1 set peer a.a.a.a
crypto map vpn_cpa 1 set transform-set abc
crypto map vpn_cpa 1 set security-association lifetime seconds 3600
crypto map vpn_cpa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 10.10.3.77 255.255.255.255 inside
telnet 10.10.8.157 255.255.255.255 inside
telnet 10.10.3.61 255.255.255.255 inside
telnet timeout 500
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.3.14
webvpn
tunnel-group .a.a.a.a ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 10.10.5.11
prompt hostname context
Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
: end
i think half of the configuration stil there in the ASA.
Diagram.
Thanks
Roopesh

You have missed the last command in your configuration, Please check it again
route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
You can do NAT in same way, here the logical name of the interface will be different.
Share the result
Please rate any helpful posts.

ISE version 1.3 and static route not working

This command works without any issues with ISE version 1.1 and 1.2:
ip route 192.168.1.1 255.255.255.255 gateway 127.0.0.1
However, it does NOT work in ISE version 1.3. See below:
ciscoisedev/admin(config)# ip route 192.168.1.1 255.255.255.255 gateway 127.0.0.1
% Warning: Could not find outgoing interface for gateway 127.0.0.1 while trying to add the route.
% Error: Error adding static route.
ciscoisedev/admin(config)#
Any ideas anyone?

So it appears that there is no option to lock down access to the shell now that the command that you used to use is no longer valid. What is worse is that there isn't an option to create an ACL in the shell that you could attach to the interface. So I would recommend that you create a defect with Cisco TAC and get this re-added or request that ACL functionality is added.
For the GUI (in case you were not already aware of this), you can restrict access from Administration > Admin Access > Settings > Access > IP Access

Load balancing by equal cost Static Routes

Hello All,
I have 2 WAN links for Internet connectivity and I want to load balance IP traffic on both links. If I use 2 default routes like this,
ip route 0.0.0.0 0.0.0.0 serial 0
ip route 0.0.0.0 0.0.0.0 serial 1
then its enough to achieve load balancing or I have to configure following interface configuration command.
(config-int)# ip load-sharing per-packet
Kindly advice.
Regards,
Mujeeb

hi ankurbhasin. I have one doubt pertaining to per-packet load-sharing. In order to connect my two remote sites- A & B, Site A is having two WAN links and Site B is having two WAN links - one from ISP1 (30Mbps link) and the other from ISP2 (50Mbps link). I am doing static route load balancing using same AD values for both the ISPs. I have configured "ip load-sharing per-packet" on both the outgoing interfaces.
The load is getting distributed equally across both the links but total bandwidth utilization across both the links is not going beyond 30Mbps. The combined bandwidth of both links is 80Mbps (50+30). However links are not getting fully utilized even though heavy load is there on the links. Can you please tell me how to make full use of both the wan links at both the ends?

Cisco UC560 Not Clearing Static Routes When VPN Connections Drop

We have a Cisco UC560 (UC560-FXO-K9) running "Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M),
Version 15.1(2)T2, RELEASE SOFTWARE (fc1)" The issue is when we have end users connecting with the Cisco VPN Client to this device sometimes we are unable to connect to any devices on our LAN or sometimes we can't connect to the LAN on the other end of our site-to-site VPN. The one symptom I've observed when this happens is that old VPN sessions that have disconnected appear to leave static routes from the user's outside IP at their home to an IP on our LAN to a Virtual-Access interface. When this starts to happen, I restart the firewall to clear out the stale static routes and the problem is fixed, for a while at least. Below is the current state where we have the site-to-site VPN connected to our branch office and 2 user's connected with Cisco VPN clients. Below that is the static route table which has 5 total Virtual-Access interface routes (one is an extra route for a user currently connected so that their outside IP is in the static route table with 2 inside IP's associated.) Is there a way to fix the cleanup of VPN connections when they terminate?
#sh crypto isakmp peers
Peer: <branch office outside IP> Port: 500 Local: <firewall's outside IP>
Phase1 id: <branch office outside IP>
Peer: <users's outside IP #1> Port: 50420 Local: <firewall's outside IP>
Phase1 id: EZVPN_GRP_437
Peer: <user's outside IP #2> Port: 49345 Local: <firewall's outside IP>
Phase1 id: EZVPN_GRP_437
Bugsy#sh ip ro st
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is <next hop of ISP for firewall> to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via <next hop of ISP for firewall>
      10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
S        10.0.0.153/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
S        10.0.0.155/32 [1/0] via <non-connected IP of VPN user>, Virtual-Access2
S        10.0.0.156/32 [1/0] via <user's outside IP #2>, Virtual-Access3
S        10.0.0.158/32 [1/0] via <user's outside IP #1>, Virtual-Access3
S        10.0.0.159/32 [1/0] via <user's outside IP #2 again>, Virtual-Access2
S        10.1.10.1/32 is directly connected, Vlan90

Hi Brian,
This sounds like you are running into the following known issue:
CSCtl03682 - EzVPN client: Several RRI routes pointing to same virtual interface
which is Dup'd to:
CSCtf39056 - RRI routes not deleted
This is fixed since 15.1(2)T4, so I would recommend upgrading to SWP 8.2 or higher. The only other way to clean up the stuck routes is to reload the router.
Thanks,
Brandon

Static routes

Similar Messages

Maybe you are looking for