CHAPTER
19-1
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
19
Configuring Static and Default Routes
This chapter describes how to configure static and default routes on the adaptive security appliance and
includes the following sections:
• Information About Static and Default Routes, page 19-1
• Licensing Requirements for Static and Default Routes, page 19-2
• Guidelines and Limitations, page 19-2
• Configuring Static and Default Routes, page 19-2
• Monitoring a Static or Default Route, page 19-8
• Configuration Examples for Static or Default Routes, page 19-9
• Feature History for Static and Default Routes, page 19-9
Information About Static and Default Routes
To route traffic to a non-connected host or network, you must define a static route to the host or network
or, at a minimum, a default route for any networks to which the adaptive security appliance is not directly
connected; for example, when there is a router between a network and the adaptive security appliance.
Without a static or default route defined, traffic to non-connected hosts or networks generates the
following syslog message:
%ASA-6-110001: No route to dest_address from source_address
Multiple context mode does not support dynamic routing,
You might want to use static routes in single context mode in the following cases:
• Your networks use a different router discovery protocol from EIGRP, RIP, or OSPF.
• Your network is small and you can easily manage static routes.
• You do not want the traffic or CPU overhead associated with routing protocols.
The simplest option is to configure a default route to send all traffic to an upstream router, relying on the
router to route the traffic for you. However, in some cases the default gateway might not be able to reach
the destination network, so you must also configure more specific static routes. For example, if the
default gateway is outside, then the default route cannot direct traffic to any inside networks that are not
directly connected to the adaptive security appliance.
In transparent firewall mode, for traffic that originates on the adaptive security appliance and is destined
for a non-directly connected network, you need to configure either a default route or static routes so the
adaptive security appliance knows out of which interface to send traffic. Traffic that originates on the
To Next Page
Loading...
Need help?
General
