Solved

Cannot remove old VPN static route from Pix

Posted on 2013-12-18
Last Modified: 2013-12-25
Recently I removed a VPN that was routing traffic for a few subnets out my PIX.
It looks like the PIX will not remove the static routes that it created automatically.
Below are my static routes that are in the config, and below that is the current routing table.
The BOLD ones are the ones that should just go away.
On the peer firewall they went away as soon as I got rid of the access list pertaining to the VPN. I have tried clear xlates, clear ip route outside... but still cannot get it to go away.

Any help is appreciated.

route outside 0.0.0.0 0.0.0.0 99.123.123.1 1
route inside 10.0.0.0 255.255.255.0 192.168.13.1 1
route inside 10.0.10.0 255.255.255.0 192.168.13.1 1
route inside 10.0.11.0 255.255.255.0 192.168.13.1 1
route inside 10.0.13.0 255.255.255.0 192.168.13.1 1
route inside 10.0.14.0 255.255.255.0 192.168.13.1 1
route inside 10.0.16.0 255.255.255.0 192.168.13.1 1
route inside 192.168.0.0 255.255.0.0 192.168.13.1 1
route inside 192.168.1.164 255.255.255.255 192.168.13.1 1


Gateway of last resort is 99.123.123.1 to network 0.0.0.0

R    192.168.12.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    192.168.13.0 255.255.255.0 is directly connected, inside
R    192.168.14.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.15.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.8.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.9.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.10.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    99.123.123.0 255.255.255.192 is directly connected, outside
R    192.168.40.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.11.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.4.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.5.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
S    10.0.10.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.11.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.14.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.13.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.0.0 255.255.255.0 [1/0] via 192.168.13.1, inside
C    10.1.0.0 255.255.255.0 is directly connected, dmz
S    10.0.16.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.10.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.6.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.7.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.1.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.1.164 255.255.255.255 [1/0] via 192.168.13.1, inside
R    192.168.2.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.3.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 99.123.123.1, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.13.1, inside
Question by:brian_appliedcpu
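
Added example (not part of the original thread): the by-eye comparison in the question, scripted. It parses the configured route lines and the S entries of the routing table listing, then reports static routes that are installed but absent from the config. The sample text is abridged from the listings above; all function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: abridged from the two listings in the question.
CONFIG = """\
route outside 0.0.0.0 0.0.0.0 99.123.123.1 1
route inside 10.0.0.0 255.255.255.0 192.168.13.1 1
route inside 192.168.0.0 255.255.0.0 192.168.13.1 1
route inside 192.168.1.164 255.255.255.255 192.168.13.1 1
"""
TABLE = """\
R    192.168.12.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    99.123.123.0 255.255.255.192 is directly connected, outside
S    10.0.0.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.10.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
S    192.168.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
S    192.168.1.164 255.255.255.255 [1/0] via 192.168.13.1, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 99.123.123.1, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.13.1, inside
"""

# Config form: route <interface> <network> <mask> <gateway> [metric]
CONFIG_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# Table form: S[*] <network> <mask> [ad/metric] via <gateway>, <interface>
TABLE_RE = re.compile(
    r"^S\*?\s+(\S+)\s+(\S+)\s+\[\d+/\d+\]\s+via\s+([\d.]+),\s+(\S+)")

def _key(ifc, net, mask, gw):
    """Normalise one route so both listings compare on equal terms."""
    return (ifc, ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(gw))

def configured_routes(config_text):
    """Static routes declared in the configuration."""
    hits = (CONFIG_RE.match(l.strip()) for l in config_text.splitlines())
    return {_key(*m.groups()) for m in hits if m}

def installed_static_routes(table_text):
    """Static (S) routes in the routing table; R and C entries are skipped."""
    hits = (TABLE_RE.match(l.strip()) for l in table_text.splitlines())
    return {_key(m[4], m[1], m[2], m[3]) for m in hits if m}

def stale_static_routes(config_text, table_text):
    """Static routes installed in the table but missing from the config."""
    stale = installed_static_routes(table_text) - configured_routes(config_text)
    return sorted(f"route {ifc} {net.network_address} {net.netmask} {gw}"
                  for ifc, net, gw in stale)

if __name__ == "__main__":
    for line in stale_static_routes(CONFIG, TABLE):
        print("installed but not configured:", line)
```

On the sample input, the two routes it reports are the same ones the first comment tries to remove with no route.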
3 Comments
 
Expert Comment

by:Matt V
ID: 39732569
Have you tried:

no route outside 10.10.254.0 255.255.255.0  99.123.123.1
no route outside 192.168.254.0 255.255.255.0 99.123.123.1
Accepted Solution

by:brian_appliedcpu
ID: 39733148
Yes, it said they did not exist.
We eventually rebooted the firewall and it cleared the routes.
Author Closing Comment

by:brian_appliedcpu
ID: 39738972
Rebooting the router flushed the routes. I think the firewall was just being stupid.