|
Firewall Wizards
mailing list archives
Cisco ASA code quirk
From: Terry Clark <ts.clark () yahoo com>
Date: Wed, 3 Dec 2008 21:08:44 -0800 (PST)
I'm not very familiar with firewalls, but I've inherited a network where the only networking devices *are* firewalls.
I tried to make a change tonight, as follows:
route int2 10.0.0.0 0.255.255.255 172.16.12.8 10
no route int2 0.0.0.0 0.0.0.0 172.16.12.8 1
The existing routes were:
route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
route int2 0.0.0.0 0.0.0.0 172.16.12.8 1
Just to finish the story, I was trying to get private traffic to go across int2, and public (everything else) traffic
across link 1, which - as configured - is dark copper until int2 blows up.
Anyway, when I made the change, the firewall responded to a "sh run route" with:
route int2 0.0.0.0 0.255.255.255 172.16.12.8 10
route int1 0.0.0.0 0.0.0.0 172.5.3.47 10
Obviously not what I wanted, and the end result was no change in traffic patterns. The only thing I can think of that
might explain it is if the firewall is routing classfully, but it's got a /30 interface, so I know that's not the case.
What gives?
TIA,
Terry
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Cisco ASA code quirk Terry Clark (Dec 04)
|
Intro
