Cisco ASA firewalls support routing, which lets customers configure a variety of routing scenarios on the appliance. Static routes are user-defined routes that are created manually on a Cisco ASA firewall with the route command.
Administrators are responsible for creating a route for each network in their topology, so whenever a new network is added, the corresponding route has to be added manually on every router. For this reason, static routes are not suitable for large or dynamic environments.
The syntax for the static route command is as follows:
ASA(config)# route [Exit Interface] [Destination Network] [Mask] [Next Hop]
For instance, if the ASA needs to reach the 10.0.0.0/24 network, create a static route with the following command:
ASA(config)# route inside 10.0.0.0 255.255.255.0 10.2.2.1
Note: the next hop must be reachable from the ASA, normally an address on the directly connected subnet of the exit interface.
A default route designates a router as the default gateway for your device: when the routing table has no entry for a destination network, the packet is forwarded to that default router. Default routes help keep the routing table small. Every default route is a static route with a special destination network and network mask, both written as 0.0.0.0. The syntax for a default route on the ASA firewall is:
ASA(config)# route [Exit Interface] 0.0.0.0 0.0.0.0 [Next Hop]
Customers can use the following commands to verify the ASA route configuration:
ASA# show run route
ASA# show route
ASA# ping [IP]
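The checks a reviewer applies to the route lines above (four fields after route, a normal subnet mask rather than a wildcard, a network address with no host bits, a next hop on the exit interface's subnet, and the all-zero default route) can be run over a saved show run as a quick audit. The following Python script is an added example, not Cisco's tooling; the configuration excerpt it parses is constructed for the example, and the parser only understands the nameif, ip address and route lines shown.

```python
import ipaddress
import re

# Constructed ASA running-config excerpt (not from a real device).
SAMPLE_CONFIG = """interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 ip address 10.2.2.254 255.255.255.0
route inside 10.0.0.0 255.255.255.0 10.2.2.1
route outside 0.0.0.0 0.0.0.0 203.0.113.1
route inside 172.16.5.0 255.255.255.0 192.168.9.1
route inside 10.5.5.1 255.255.255.0 10.2.2.1
route inside 10.7.0.0 0.0.255.255 10.2.2.1
"""

def parse_interfaces(config):
    """Map each nameif to the subnet configured on that interface (minimal parser)."""
    ifaces = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name = re.search(r"^ nameif (\S+)", block, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if name and addr:
            net = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
            ifaces[name.group(1)] = net
    return ifaces

def is_subnet_mask(mask):
    """Contiguous subnet mask (incl. 0.0.0.0), not a wildcard mask like 0.0.0.255."""
    return "01" not in f"{int(ipaddress.ip_address(mask)):032b}"

def audit_routes(config):
    """Return [(route line, findings)] for each 'route <nameif> <net> <mask> <hop>'."""
    ifaces, results = parse_interfaces(config), []
    for m in re.finditer(r"^route (\S+) (\S+) (\S+) (\S+)$", config, re.M):
        nameif, net, mask, hop = m.groups()
        findings = []
        if not is_subnet_mask(mask):
            findings.append("wildcard mask")  # the route command expects a normal mask
        else:
            try:  # strict=True rejects a network address with host bits set
                if ipaddress.ip_network(f"{net}/{mask}", strict=True).prefixlen == 0:
                    findings.append("default route")
            except ValueError:
                findings.append("network/mask inconsistent")
        if ipaddress.ip_address(hop) not in ifaces.get(nameif, ()):
            findings.append("next hop not on exit interface subnet")
        results.append((m.group(0), findings))
    return results
```

A route whose next hop is not on the exit interface's subnet is not necessarily wrong, since the hop may be reachable through another route, but it is the one to verify first with show route and ping.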
All routing protocols are enabled with the “router” command on the firewall. To enable RIP, use the following command:
ASA(config)# router rip
By default, a routing device sends updates using RIP version 1. You can change the version to 2, the current and most widely used version of RIP, with the following commands. Auto-summarization of subnets is also turned on by default, and it is highly recommended to disable it.
ASA(config)# router rip
ASA(config-router)# version 2
ASA(config-router)# no auto-summary
ASA(config-router)# network 10.0.0.0
To enable EIGRP, you need an Autonomous System number, which must match between neighboring routers. Auto-summarization of subnets is turned on by default here as well, and it is highly recommended to disable it with the following commands:
ASA(config)# router eigrp 100
ASA(config-router)# no auto-summary
ASA(config-router)# network 10.0.0.0 255.255.255.0
Note: on the ASA, use a normal subnet mask rather than a wildcard mask!
To enable OSPF, a process ID is needed. This ID is locally significant and does not need to match the remote router. OSPF routers are grouped into logical entities known as areas, and each router is identified by an IP-address-like value known as the router ID, which can be set manually with the router-id command under the routing process. To configure OSPF on ASA firewalls, use commands like the following:
ASA(config)# router ospf 1
ASA(config-router)# router-id 1.1.1.1
ASA(config-router)# network 10.0.0.0 255.0.0.0 area 0
Note: on the ASA, use a normal subnet mask rather than a wildcard mask!
BGP is the protocol your organization uses to exchange routes with a remote organization. It generally runs between ISPs, although some enterprises also use it to peer with their ISPs. BGP can run on the ASA as well as on routers. Its purpose is to advertise internal routes, whether directly connected or learned via an IGP such as OSPF or EIGRP, to external neighbors. To enable BGP on the ASA firewall, proceed as in the following example:
ASA(config)# router bgp 100
ASA(config-router)# address-family ipv4 unicast
ASA(config-router-af)# neighbor 10.0.0.1 remote-as 200
ASA(config-router-af)# neighbor 10.0.0.1 activate
ASA(config-router-af)# network 192.168.1.0 mask 255.255.255.0
Note: on the ASA, the neighbor and network statements are entered under the IPv4 address family, and the network statement takes the network address (192.168.1.0), not a host address.