Re: Cisco ASA code quirk

["Farrukh Haroon" <farrukhharoon () gmail com>]

The ASA uses regular subnet masks in the route command and not wildcard
masks, you need to do this now:

no route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
route int2 10.0.0.0 255.0.0.0 <http://0.255.255.255/> 172.16.12.8 10

It would also be nice to change this:

no route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
route int1 0.0.0.0 0.0.0.0 172.5.3.47

Regards

Farrukh

On Thu, Dec 4, 2008 at 8:08 AM, Terry Clark <ts.clark () yahoo com> wrote:

> I'm not very familiar with firewalls, but I've inherited a network where
> the only networking devices *are* firewalls.  I tried to make a change
> tonight, as follows:
>
> route int2 10.0.0.0 0.255.255.255 172.16.12.8 10
> no route int2 0.0.0.0 0.0.0.0 172.16.12.8 1
>
> The existing routes were:
>
> route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
> route int2 0.0.0.0 0.0.0.0 172.16.12.8 1
>
> Just to finish the story, I was trying to get private traffic to go across
> int2, and public (everything else) traffic across link 1, which - as
> configured - is dark copper until int2 blows up.
>
> Anyway, when I made the change, the firewall responded to a "sh run route"
> with:
>
> route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
> route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
>
> Obviously not what I wanted, and the end result was no change in traffic
> patterns.  The only thing I can think of that might explain it is if the
> firewall is routing classfully, but it's got a /30 interface, so I know
> that's not the case.
>
> What gives?
>
> TIA,
> Terry
>
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards