Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cannot remove old VPN static route from Pix

Posted on 2013-12-18
3
Medium Priority
?
400 Views
Last Modified: 2013-12-25
Recently I removed a vpn that was routing traffic for a few subnets out my pix.
It looks like the pix will not remove the static routes that it created automatically.
Below are my static routes that are in the config and below that is the current routing table
The BOLD ones are the ones that should just go away.
On the peer firewall they went away as soon as I got rid of the access list pertaining to the vpn.  I have tried clear xlates, clear ip route ouside....but still cannot get it to go away.

Any help is appreciated.

route outside 0.0.0.0 0.0.0.0 99.123.123.1 1
route inside 10.0.0.0 255.255.255.0 192.168.13.1 1
route inside 10.0.10.0 255.255.255.0 192.168.13.1 1
route inside 10.0.11.0 255.255.255.0 192.168.13.1 1
route inside 10.0.13.0 255.255.255.0 192.168.13.1 1
route inside 10.0.14.0 255.255.255.0 192.168.13.1 1
route inside 10.0.16.0 255.255.255.0 192.168.13.1 1
route inside 192.168.0.0 255.255.0.0 192.168.13.1 1
route inside 192.168.1.164 255.255.255.255 192.168.13.1 1


Gateway of last resort is 99.123.123.1 to network 0.0.0.0

R    192.168.12.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    192.168.13.0 255.255.255.0 is directly connected, inside
R    192.168.14.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.15.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.8.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.9.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.10.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
C    99.123.123.0 255.255.255.192 is directly connected, outside
R    192.168.40.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.11.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.4.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
R    192.168.5.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:22, inside
S    10.0.10.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.11.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.14.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.13.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.0.0.0 255.255.255.0 [1/0] via 192.168.13.1, inside
C    10.1.0.0 255.255.255.0 is directly connected, dmz
S    10.0.16.0 255.255.255.0 [1/0] via 192.168.13.1, inside
S    10.10.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.6.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.7.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.254.0 255.255.255.0 [1/0] via 99.123.123.1, outside
R    192.168.1.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S    192.168.1.164 255.255.255.255 [1/0] via 192.168.13.1, inside
R    192.168.2.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
R    192.168.3.0 255.255.255.0 [120/1] via 192.168.13.1, 0:00:23, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 99.123.123.1, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.13.1, inside
0
Comment
Question by:brian_appliedcpu
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 39732569
Have you tried:

no route outside 10.10.254.0 255.255.255.0  99.123.123.1
no route outside 192.168.254.0 255.255.255.0 99.123.123.1
0
 
LVL 2

Accepted Solution

by:
brian_appliedcpu earned 0 total points
ID: 39733148
Yes, it said they did not exist.
We eventually rebooted the firewall and it cleared the routes.
0
 
LVL 2

Author Closing Comment

by:brian_appliedcpu
ID: 39738972
Rebooting the router flushed the routes.   I think the firewall was just being stupid.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question