
3. Routing on the ASA - Static Routes

The document discusses configuring static routes and default routes on a Cisco ASA firewall. It provides an overview of static routing and explains how to configure static and default routes using the "route" command. It also includes verification commands and provides an example lab configuration to configure static routes on an ASA to reach various network loops behind surrounding routers.

Routing on the ASA - Static Routes
KHAWAR BUTT
CCIE # 12353 [R/S, SECURITY, SP, DC, VOICE, STORAGE & CCDE]
Overview
• Configuring Static Routes
• Configuration Commands
• Configure Default Routes
• Configuration Commands
• Verification Commands
• Lab Configuration
Static Routing
• Static Routes are user-defined, manually created routes.

• As the ASA has full routing capabilities by default, you can configure Static Routing on it.

• The administrator creates Static Routes on a Cisco ASA Firewall using the Route Command.

• The administrator is responsible for creating routes for each network that is in the topology.

• If a new route is added in the network, you would need to add the new route manually on each and every router.

• It is not suitable for a large/dynamic environment.

• In case a route goes down, the other routers are not going to be aware of the change and will continue to send traffic towards the router.
Configuration Commands
• The syntax for the Static Route Command [IP Route] is:

Route [Exit Interface] [Network] [Mask] [Next Hop]

• For our network, if the ASA wants to reach the 10.1.1.0/24 network, which is behind R1, you would create a static route using the following:

Route inside 10.1.1.0 255.255.255.0 10.11.11.1

Destination Network: 10.1.1.0
Network Mask: 255.255.255.0
Exit Interface: Inside
Next Router IP to reach the destination: 10.11.11.1 (This needs to be reachable/directly connected)
Default Routes
• Default routes define a router as the default gateway for your device.

• When there is no entry for the destination network in a routing table, the router will forward the packet to its default router.

• Default routes help in reducing the size of your routing table.

• The default route is essentially a static route with a special Destination Network and Network Mask.

• The special Destination Network is “0.0.0.0”. The special Network Mask is “0.0.0.0”.
Default Route Syntax
• The syntax for the Static Route Command on the ASA, when used for a default route, is:

route [Exit Interface] 0.0.0.0 0.0.0.0 [Next Hop Router]

• For our network, if the ASA wants to reach any network not in the routing table, you would create a default route using the following:

route Outside 0.0.0.0 0.0.0.0 192.1.20.2

• The 0.0.0.0 0.0.0.0 can be abbreviated by using a “0” to represent the Network and a “0” to represent the Mask.

Route Outside 0 0 192.1.20.2


Verification Commands
• Show run route – Displays the running config for a route statement.
• Show Route – Displays the routing table.
• Ping – Verifies connectivity.
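Lab Configuration
[Topology diagram: ASA FW in the centre, connected to R1, R2, R3 and R4]
• Outside: 192.1.20.0/24. ASA G0/0 (.10), R2 E0/0 (.2). Networks behind R2: 10.2.2.0/24, 199.1.1.0/24, 200.1.1.0/24.
• Inside: 10.11.11.0/24. ASA G0/1 (.10), R1 E0/0 (.1). Networks behind R1: 10.1.1.0/24, 10.10.10.0/24, 10.20.20.0/24 (the diagram also labels an E0/1 (.1) interface on this side).
• DMZ-3: 192.168.3.0/24. ASA G0/2 (.10), R3 E0/0 (.3). Network behind R3: 10.3.3.0/24.
• DMZ-4: 192.168.4.0/24. ASA G0/3 (.10), R4 E0/0 (.4). Network behind R4: 10.4.4.0/24.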
Lab Configuration
• This lab builds on the Basic Initialization Lab.

• Configure Static Routes on the ASA to provide it reachability towards the Loopback networks behind the surrounding routers.

• Configure a Default Route on the ASA towards R2.

• Configure Static Routes on the ASA towards the 10.X.X.0/24 Loopback Networks behind R1, R3 & R4.

• Ping these networks to verify connectivity.


Lab Configuration

ASA

Route Outside 0 0 192.1.20.2
Route Inside 10.1.1.0 255.255.255.0 10.11.11.1
Route Inside 10.10.10.0 255.255.255.0 10.11.11.1
Route Inside 10.20.20.0 255.255.255.0 10.11.11.1
Route DMZ-3 10.3.3.0 255.255.255.0 192.168.3.3
Route DMZ-4 10.4.4.0 255.255.255.0 192.168.4.4
Lab Configuration
• Ping 10.2.2.2 to verify the Default Route.

• Ping 10.1.1.1, 10.10.10.1 & 10.20.20.1 behind R1.

• Ping 10.3.3.3 behind R3.

• Ping 10.4.4.4 behind R4.
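
The route syntax above requires the next hop to be directly connected on the exit interface, and the default route may be written with the "0 0" abbreviation. The following added example (not part of the original slides) checks route statements offline against the interface subnets from the lab topology; the function names and the sample config, which deliberately binds one route to the wrong interface, are constructed for illustration.

```python
import ipaddress

# Interface subnets as shown in the lab topology on this page.
INTERFACES = {
    "outside": ipaddress.ip_network("192.1.20.0/24"),
    "inside": ipaddress.ip_network("10.11.11.0/24"),
    "dmz-3": ipaddress.ip_network("192.168.3.0/24"),
    "dmz-4": ipaddress.ip_network("192.168.4.0/24"),
}

# Constructed sample input: the last route names the wrong exit interface.
SAMPLE_CONFIG = """\
route Outside 0 0 192.1.20.2
route Inside 10.1.1.0 255.255.255.0 10.11.11.1
route DMZ-3 10.3.3.0 255.255.255.0 192.168.3.3
route DMZ-3 10.4.4.0 255.255.255.0 192.168.4.4
"""

def expand(token):
    """A bare 0 is the abbreviation for 0.0.0.0 (network or mask)."""
    return "0.0.0.0" if token == "0" else token

def parse_routes(config):
    """Yield (interface, destination network, next hop) per route line."""
    for line in config.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].lower() != "route":
            continue  # not a static route statement
        ifname, net, mask, hop = fields[1:5]
        dest = ipaddress.ip_network(f"{expand(net)}/{expand(mask)}")
        yield ifname, dest, ipaddress.ip_address(hop)

def audit(config, interfaces=INTERFACES):
    """Return findings; an empty list means every next hop is on-link."""
    findings = []
    for ifname, dest, hop in parse_routes(config):
        subnet = interfaces.get(ifname.lower())
        if subnet is None:
            findings.append(f"{dest}: unknown interface {ifname}")
        elif hop not in subnet:
            where = [n for n, s in interfaces.items() if hop in s]
            findings.append(
                f"{dest}: next hop {hop} is not on {ifname} ({subnet}); "
                f"connected on: {', '.join(where) or 'no interface'}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A route whose next hop is not on the named interface's subnet cannot be resolved on that link, so traffic for that destination is dropped or follows a less specific route through a different interface than intended.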
Whiteboard