Static routing

Static routing is the manual configuration of routes on either the router or the ASA. The administrator or network engineer creates a route on the ASA to tell the device how to forward traffic destined for a particular network. Without any routes, the device won't know how to forward packets. Static routing can become challenging as the network grows and more routers are added, because each network requires a manual entry (a static route) in the routing table of the device, whether it's a router or the ASA.

Let's begin setting up a static route on the ASA.

The following topology shows a single ASA for a company where the internet is directly connected to its Outside interface. Just like a Cisco router, the ASA automatically adds its directly-connected routes to its routing table. In the following topology, the ASA has only the 192.168.2.0/24 and 200.1.1.0/30 networks within its routing table:

However, it does not know about the 192.168.1.0/24 network, therefore any traffic, whether returning or destined for the 192.168.1.0/24 network, would be dropped because the ASA does not have a route to forward the packets. This would mean any traffic that is destined for the internet would also not be forwarded by the ASA, since it does not have a default route in place.

We can verify this information quickly using the show route command to view the routing table:

We are going to open the ASDM, then navigate to Configuration | Device Setup | Routing | Static Routes. As we can see, there are no Static Routes installed on the ASA:

Next, we are going to add a static route using the ASDM. On the right side of the window, click on Add. A new window will appear. Since the 192.168.1.0/24 destination network can be reached from the Inside interface, we must assign the interface settings correctly.

Then, we are going to add the destination network, 192.168.1.0/24, within the Network field and set the next-hop.

The next-hop is simply the next device to forward the packet to, based on the destination IP address/network within the packet header.

Referring back to the topology, if the ASA has a packet that is destined for 192.168.1.0/24, the only path to reach the network is through the router, therefore the next-hop will be 192.168.2.2. The next-hop IP address will be placed in the Gateway IP field:

The metric value is the cost to reach the network. Each route in the routing table has a metric based on its source: a routing protocol, a directly-connected route, or a static route. Static routes have a distance of 1 by default. This value should be kept as the default unless you're creating a floating static route on the ASA.

Once the values are assigned, click on OK. The static route has been added:
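The forwarding decision described in this section, modelled in Python as an added example (not code from the book or from Cisco): the ASA drops traffic for 192.168.1.0/24 until the static route is added, and still drops internet-bound traffic because no default route exists. The host addresses 192.168.1.10 and 203.0.113.5 and the backup gateway 192.168.2.3 are constructed for illustration, and the table is a simplified model that keeps every candidate route and prefers the lowest distance.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[str]  # None means directly connected
    distance: int            # 0 = connected, 1 = static (default)


def connected_table() -> List[Route]:
    """Routes the ASA learns automatically from its own interfaces."""
    return [
        Route(ipaddress.ip_network("192.168.2.0/24"), "Inside", None, 0),
        Route(ipaddress.ip_network("200.1.1.0/30"), "Outside", None, 0),
    ]


def add_static(table, network, interface, gateway, distance=1):
    """Model of the ASDM Add dialog: interface, network, gateway IP, metric."""
    table.append(Route(ipaddress.ip_network(network), interface, gateway, distance))


def lookup(table, dst: str) -> Optional[Route]:
    """Longest-prefix match, then lowest distance. None means the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.distance))


def demo():
    table = connected_table()
    before = lookup(table, "192.168.1.10")   # constructed host behind the router
    add_static(table, "192.168.1.0/24", "Inside", "192.168.2.2")
    after = lookup(table, "192.168.1.10")
    # Constructed backup route with a higher distance (floating static route):
    add_static(table, "192.168.1.0/24", "Inside", "192.168.2.3", distance=254)
    preferred = lookup(table, "192.168.1.10")
    internet = lookup(table, "203.0.113.5")  # constructed internet host
    return before, after, preferred, internet


if __name__ == "__main__":
    for label, result in zip(("before", "after", "preferred", "internet"), demo()):
        print(f"{label:9} -> {result if result else 'dropped (no route)'}")
```
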
