Solved

Cannot remove old VPN static route from Pix

Posted on 2013-12-18
3
394 Views
Last Modified: 2013-12-25
Recently I removed a vpn that was routing traffic for a few subnets out my pix.
It looks like the pix will not remove the static routes that it created automatically.
Below are my static routes that are in the config and below that is the current routing table
The BOLD ones are the ones that should just go away.
On the peer firewall they went away as soon as I got rid of the access list pertaining to the vpn.  I have tried clear xlates, clear ip route ouside....but still cannot get it to go away.

Any help is appreciated.

route outside 0.0.0.0 0.0.0.0 99.123.123.1 1
route inside 10.0.0.0 255.255.255.0 192.168.13.1 1
route inside 10.0.10.0 255.255.255.0 192.168.13.1 1
route inside 10.0.11.0 255.255.255.0 192.168.13.1 1
route inside 10.0.13.0 255.255.255.0 192.168.13.1 1
route inside 10.0.14.0 255.255.255.0 192.168.13.1 1
route inside 10.0.16.0 255.255.255.0 192.168.13.1 1
route inside 192.168.0.0 255.255.0.0 192.168.13.1 1
route inside 192.168.1.164 255.255.255.255 192.168.13.1 1


Gateway of last resort is 99.123.123.1 to network 0.0.0.0

R    192.168.12.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    192.168.13.0 255.255.255.0 is directly connected, inside
R    192.168.14.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.15.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.8.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.9.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.10.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    99.123.123.0 255.255.255.192 is directly connected, outside
R    192.168.40.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.11.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.4.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.5.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
S    10.0.10.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.11.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.14.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.13.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.0.0 255.255.255.0 [1/0] via 192.168.13.1, inside
C    10.1.0.0 255.255.255.0 is directly connected, dmz
S    10.0.16.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.10.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.6.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.7.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.1.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.1.164 255.255.255.255 [1/0] via 192.168.13.1, inside
R    192.168.2.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.3.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 99.123.123.1, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.13.1, inside
0
Comment
Question by:brian_appliedcpu
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39732569
Have you tried:

no route outside 10.10.254.0 255.255.255.0  99.123.123.1
no route outside 192.168.254.0 255.255.255.0 99.123.123.1
0
 
LVL 2

Accepted Solution

by:
brian_appliedcpu earned 0 total points
ID: 39733148
Yes, it said they did not exist.
We eventually rebooted the firewall and it cleared the routes.
0
 
LVL 2

Author Closing Comment

by:brian_appliedcpu
ID: 39738972
Rebooting the router flushed the routes.   I think the firewall was just being stupid.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question