Tuesday, May 7, 2019

ASA Static Route Question

Hi All, Looking for some assistance with an ASA routing issues.

Some background:

Network consists of a 3850 stack, IP routing, multiple VLANS and is configured as the default gateway. The main workstation VLANs is 192.168.5.0 with an old ASA 5510 (8.2) connected at 192.168.5.5.

3850 gateway of last resort is the ASA at 192.168.5.5 to network 0.0.0.0

3850 has a guest VLAN 192.168.9.0

The current ASA 5510 has the following static routes outside 0.0.0.0 0.0.0.0 (to our ISP assigned public IP) 1 inside 192.168.9.0 255.255.255.0 192.168.5.5 1

This works with no issues. Guest VLAN has access to the internet

Now I’m working with a replacement ASA 5508-X (9.7) with firepower

I configured the ASA to match the existing ASA 5510 and everything works except the VLAN 192.168.9.0

When I try to configure the same static route inside 192.168.9.0 255.255.255.0 192.168.5.5 I get the following error:

[ERROR] route inside 192.168.9.0 255.255.255.0 192.168.5.5 1 Invalid next hop address 192.168.5.5 it matches our IP address

What am I missing here. Is there a change between the 2 ASA versions and this is now done another way? Any insight would be appreciated. Thanks.



No comments:

Post a Comment