Configure Default and Static Routes – ASA Firewall

Configure Default and Static Routes – ASA Firewall

- in Security
3906
0
Configure a Default Route

A default route is simply a static route with 0.0.0.0/0 as the destination IP address. ASA would be configured using the command route {nameif}.

Add a default IPv4 route:

route if_name 0.0.0.0 0.0.0.0 gateway_ip [distance] [tunneled]

And IPv6:

ipv6 route if_name ::/0 gateway_ip [distance] [tunneled]

Example:

! IPv4
asa_jmcristobal(config)# route outside 0.0.0.0 0.0.0.0 10.1.1.1

! IPv6
asa_jmcristobal(config)# ipv6 route inside ::/0 3FFE:1100:0:CC00::1

You can enter 0 0 instead of 0.0.0.0 0.0.0.0 for the destination network address and mask, as shown in the following example:

asa_jmcristobal(config)# route outside 0 0 10.1.1.1

Configure a Static Route

A static route defines where to send traffic for specific destination networks.

Add a static IPv4 route:

route if_name dest_ip mask gateway_ip [distance]

And IPv6:

ipv6 route if_name dest_ipv6_prefix/prefix_length gateway_ip [distance]

Example:

! IPv4
asa_jmcristobal(config)# route outside 10.1.2.0 255.255.255.0 10.1.1.1


! IPv6
asa_jmcristobal(config)# ipv6 route outside 2001:DB8:1::0/32 2001:DB8:0:CC00::1

Verification comands:

asa_jmcristobal# show route
asa_jmcristobal# show run route

Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa916/configuration/general/asa-916-general-config/route-static.html

Facebook Comments

You may also like

Autonomous System Numbers – BGP

There are two types of BGP Autonomous system