Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Cisco ASA code quirk
From: Terry Clark <ts.clark () yahoo com>
Date: Wed, 3 Dec 2008 21:08:44 -0800 (PST)

I'm not very familiar with firewalls, but I've inherited a network where the only networking devices *are* firewalls.  
I tried to make a change tonight, as follows:

route int2 10.0.0.0 0.255.255.255 172.16.12.8 10
no route int2 0.0.0.0 0.0.0.0 172.16.12.8 1

The existing routes were:

route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
route int2 0.0.0.0 0.0.0.0 172.16.12.8 1

Just to finish the story, I was trying to get private traffic to go across int2, and public (everything else) traffic 
across link 1, which - as configured - is dark copper until int2 blows up.

Anyway, when I made the change, the firewall responded to a "sh run route" with:

route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
route int1 0.0.0.0 0.0.0.0 172.5.3.47 10

Obviously not what I wanted, and the end result was no change in traffic patterns.  The only thing I can think of that 
might explain it is if the firewall is routing classfully, but it's got a /30 interface, so I know that's not the case.

What gives?

TIA,
Terry


      

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]