Solved

asa 5510 routes

Posted on 2006-06-08
6
389 Views
Last Modified: 2010-04-12
ive got an asa5510 in place of a pix.  the previous pix was configured with static routes of my entire network.  cant the asa pickup routes from one of my routers?  right now, anytime i add a new network, i have to make sure that i enter the static route on the asa.

here are the routes:
route outside 0.0.0.0 0.0.0.0 208.6.12.65 1
route inside 172.17.1.0 255.255.255.0 172.17.100.1 1
route inside 172.17.2.0 255.255.255.0 172.17.100.1 1
route inside 172.17.3.0 255.255.255.0 172.17.100.1 1
route inside 172.17.4.0 255.255.255.0 172.17.100.1 1
route inside 172.17.5.0 255.255.255.0 172.17.100.1 1
route inside 172.17.6.0 255.255.255.0 172.17.100.1 1
route inside 172.17.7.0 255.255.255.0 172.17.100.1 1
route inside 172.17.8.0 255.255.255.0 172.17.100.1 1
route inside 172.17.9.0 255.255.255.0 172.17.100.1 1
route inside 172.17.10.0 255.255.255.0 172.17.100.1 1
route inside 172.17.11.0 255.255.255.0 172.17.100.1 1
route inside 172.17.30.0 255.255.255.0 172.17.100.1 1
route inside 172.17.40.0 255.255.255.0 172.17.100.248 1
route inside 172.17.101.0 255.255.255.0 172.17.100.250 1
route inside 172.17.102.0 255.255.255.0 172.17.100.248 1
route inside 200.130.130.0 255.255.255.0 172.17.100.248 1


aside from the route to the outside, every other route should be able to be picked up from my router at 172.17.100.1.  can the asa do that or am i stuck with static routes?
0
Comment
Question by:WMIF
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 19

Accepted Solution

by:
nodisco earned 125 total points
ID: 16865776
Hey there

Does the router run any routing protocol?  Ospf and RIP are supported by PIX/ASA (eigrp is not) so you could configure a routing protocol so the statics would not be necessary.

Have a look at the ospf and rip sections of this link for configuration on the ASA 5500 series:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247f.html

hope this helps


0
 
LVL 22

Author Comment

by:WMIF
ID: 16865784
i forgot to mention that im running eigrp on that router.
0
 
LVL 22

Author Comment

by:WMIF
ID: 16865825
sounds like i probably want to stick with static routes then if im using eigrp on the rest of my routers.  would you agree?

otherwise i would have to setup rip or ospf on the 100.1 router to replicate the eigrp routes over to the pix.  i dont think that is worth the hassle that it will save with static routes on the asa.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 19

Expert Comment

by:nodisco
ID: 16867629
hi WMIF

You could setup a small ospf area on the router, redistribute eigrp learned routes into ospf and then setup ospf on the pix.  But considering the amount of statics you have in use - yes, I would continue just using statics if i were you.

hth
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16869649
Personally with 3 other routers in the mix, I'd go with OSPF on all 4 devices. Do you have any alternate gateways if your Internet is down outside the ASA? The ASA can advertise the default with OSPF and the other routers can redistribute their eigrp routes. No statics anywhere..
 
0
 
LVL 22

Author Comment

by:WMIF
ID: 16871713
172.17.100.250 was actually an old route that is incorrect.  i noticed that after i posted and corrected it on the asa.  it now points to the 172.17.100.248 which is a layer 3 3550 12g switch.

the 172.17.100.1 is attached to a frame-relay with 11 other routers on the other side.  that is the eigrp group.  the routes on the 12g are static entries on the 100.1 router.

the internet connection is not THAT critical to us, so we only have a single t1 line.  i just have to put up with the users phone calls and whining when they cant get to their precious websites.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question