Firewall Wizards mailing list archives
Re: Cisco ASA code quirk
From: "Farrukh Haroon" <farrukhharoon () gmail com>
Date: Fri, 5 Dec 2008 14:42:26 +0300
The ASA uses regular subnet masks in the route command and not wildcard masks; you need to do this now:

    no route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
    route int2 10.0.0.0 255.0.0.0 172.16.12.8 10

It would also be nice to change this:

    no route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
    route int1 0.0.0.0 0.0.0.0 172.5.3.47

Regards

Farrukh

On Thu, Dec 4, 2008 at 8:08 AM, Terry Clark <ts.clark () yahoo com> wrote:
I'm not very familiar with firewalls, but I've inherited a network where the only networking devices *are* firewalls. I tried to make a change tonight, as follows:

    route int2 10.0.0.0 0.255.255.255 172.16.12.8 10
    no route int2 0.0.0.0 0.0.0.0 172.16.12.8 1

The existing routes were:

    route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
    route int2 0.0.0.0 0.0.0.0 172.16.12.8 1

Just to finish the story, I was trying to get private traffic to go across int2, and public (everything else) traffic across link 1, which - as configured - is dark copper until int2 blows up.

Anyway, when I made the change, the firewall responded to a "sh run route" with:

    route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
    route int1 0.0.0.0 0.0.0.0 172.5.3.47 10

Obviously not what I wanted, and the end result was no change in traffic patterns. The only thing I can think of that might explain it is if the firewall is routing classfully, but it's got a /30 interface, so I know that's not the case.

What gives?

TIA,
Terry

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
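Added example (not part of either poster's message, and not Cisco code): a small Python check that flags `route` lines whose mask is written as a wildcard mask and proposes the subnet-mask form. It assumes the `route <if> <dest> <mask> <gateway> [metric]` layout seen in the thread; the function names are made up for this illustration, and the AND-with-mask step is an assumption that happens to reproduce the 0.0.0.0 destination in the quoted "sh run route" output.

```python
import ipaddress

FULL = 0xFFFFFFFF

# Route lines quoted from the thread (the attempted change and the existing default).
SAMPLE = """\
route int2 10.0.0.0 0.255.255.255 172.16.12.8 10
route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
"""

def classify_mask(mask: str) -> str:
    """Return 'netmask', 'wildcard' or 'invalid' for a dotted-quad mask."""
    m = int(ipaddress.IPv4Address(mask))
    inv = m ^ FULL
    if (inv & (inv + 1)) == 0:    # ones then zeros: the inverse is 2^k - 1
        return "netmask"
    if (m & (m + 1)) == 0:        # zeros then ones: the inverted (ACL-style) form
        return "wildcard"
    return "invalid"

def check_route(line: str) -> dict:
    """Inspect one 'route <if> <dest> <mask> <gateway> [metric]' line."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not a route statement: {line!r}")
    dest = int(ipaddress.IPv4Address(parts[2]))
    mask = int(ipaddress.IPv4Address(parts[3]))
    kind = classify_mask(parts[3])
    finding = {
        "line": line.strip(),
        "kind": kind,
        # Assumption: the destination is ANDed with the mask exactly as typed.
        "masked_dest": str(ipaddress.IPv4Address(dest & mask)),
        "suggested": None,
    }
    if kind == "wildcard":
        parts[3] = str(ipaddress.IPv4Address(mask ^ FULL))
        finding["suggested"] = " ".join(parts)
    return finding

def audit(config: str) -> list:
    """Return findings for every route line that does not use a subnet mask."""
    findings = [check_route(l) for l in config.splitlines() if l.startswith("route ")]
    return [f for f in findings if f["kind"] != "netmask"]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['line']}\n  mask type: {f['kind']}, dest AND mask = {f['masked_dest']}")
        print(f"  suggested: {f['suggested']}")
```
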