Cisco Systems OL-16647-01 Network Router User Manual


 
11-40
Cisco ASDM User Guide
OL-16647-01
Chapter 11 Configuring Dynamic And Static Routing
Static Routes
IP Address—Type the IP address of the network being permitted or denied. To permit or deny all
addresses, use the IP address 0.0.0.0 with a network mask of 0.0.0.0.
Netmask—Specify the network mask applied to the network IP address. You can type a network
mask into this field or select one of the common masks from the list.
Modes
The following table shows the modes in which this feature is available:
For More Information
Configuring EIGRP, page 11-29
Static Routes
Multiple context mode does not support dynamic routing, so you must define static routes for any
networks to which the security appliance is not directly connected.

In transparent firewall mode, for traffic that originates on the security appliance and is destined for a
non-directly connected network, you need to configure either a default route or static routes so the
security appliance knows out of which interface to send traffic. Traffic that originates on the security
appliance might include communications to a syslog server, Websense or N2H2 server, or AAA server.
If you have servers that cannot all be reached through a single default route, then you must configure
static routes.

The simplest option is to configure a default route to send all traffic to an upstream router, relying on the
router to route the traffic for you. However, in some cases the default gateway might not be able to reach
the destination network, so you must also configure more specific static routes. For example, if the
default gateway is on the outside interface, the default route cannot direct traffic to any inside networks
that are not directly connected to the security appliance.

You can also use a static route in conjunction with dynamic routing protocols to provide a floating static
route that is used when the dynamically discovered route goes down. If you create a static route with an
administrative distance greater than the administrative distance of the dynamic routing protocol, then a
route to the specified destination discovered by the routing protocol takes precedence over the static
route. The static route is used only if the dynamically discovered route is removed from the routing table.

Static routes remain in the routing table even if the specified gateway becomes unavailable (see Static
Route Tracking, page 11-41, for the exception to this). If the specified gateway becomes unavailable,
you need to remove the static route from the routing table manually. However, static routes are removed
from the routing table if the associated interface on the security appliance goes down. They are reinstated
when the interface comes back up.

You can define up to three equal cost routes to the same destination per interface. ECMP is not supported
across multiple interfaces. With ECMP, the traffic is not necessarily divided evenly between the routes;
traffic is distributed among the specified gateways based on an algorithm that hashes the source and
destination IP addresses.
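
The floating static route and interface-down behavior described above, as a small Python model added here (it is not Cisco code and not part of the original guide). It shows which gateway a destination resolves to as the learned route is withdrawn and the interface flaps. The addresses, interface names, the distance of 200 for the floating static route, and the use of EIGRP's internal distance of 90 for the learned route are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str      # destination network in CIDR form
    gateway: str     # next hop
    interface: str   # egress interface name
    distance: int    # administrative distance; lower is preferred

class RoutingTable:
    def __init__(self):
        self.candidates = []   # every configured or learned route
        self.down = set()      # names of interfaces that are down

    def installed(self):
        """Per prefix, the lowest-distance route whose interface is up."""
        best = {}
        for r in [c for c in self.candidates if c.interface not in self.down]:
            if r.prefix not in best or r.distance < best[r.prefix].distance:
                best[r.prefix] = r
        return best

    def lookup(self, dst):
        """Longest-prefix match over installed routes; None if nothing matches."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.installed().values()
                if addr in ipaddress.ip_network(r.prefix)]
        return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
                   default=None)

def demo():
    # Constructed sample topology: addresses and interface names are illustrative.
    rt = RoutingTable()
    default = Route("0.0.0.0/0", "203.0.113.1", "outside", 1)    # static default
    learned = Route("10.20.0.0/16", "10.1.1.2", "inside", 90)    # from EIGRP
    floating = Route("10.20.0.0/16", "10.1.1.3", "inside", 200)  # floating static
    rt.candidates += [default, learned, floating]
    steps = [rt.lookup("10.20.5.9").gateway]      # learned route wins: 90 < 200
    rt.candidates.remove(learned)                 # protocol withdraws its route
    steps.append(rt.lookup("10.20.5.9").gateway)  # floating static takes over
    rt.down.add("inside")                         # inside interface goes down
    steps.append(rt.lookup("10.20.5.9").gateway)  # only the default route is left
    rt.down.discard("inside")                     # interface comes back up
    steps.append(rt.lookup("10.20.5.9").gateway)  # floating static is reinstated
    return steps

if __name__ == "__main__":
    print(demo())
```

In the third step of this model the lookup falls through to the default route on the outside interface, which is the case to review when inside networks are reachable only through static routes.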
Firewall Mode         | Security Context
Routed | Transparent  | Single | Multiple: Context | System
——