Connected and Static Routes
 


Static Routes
Routers use three main methods to add routes to their routing tables: connected routes, static routes, and dynamic routing protocols.  Routers always add connected routes when interfaces have IP addresses configured and the interfaces are up and working.

Static routing consists of individual ip route global configuration commands that define a route to a router.  The command includes a reference to the subnet along with instructions about where to forward packets destined to that subnet.  Static routes are depicted by an S in the Codes for show ip route.

The IOS ping command sends five ICMP Echo Reply packets by default.  In the output, ! means received and . means it wasn’t.


Configuring Static Routes
The ip route command defines the static route by defining the subnet number and the next-hop IP address.  You can also use an interface.


The Extended ping Command
* The Cisco ping command uses, by default, the output interface’s IP address as the packet’s source address, unless otherwise specified in an extended ping.

* Ping response packets (ICMP Echo Replies) reverse the IP addresses used in the received ping request to which they are responding.

The danger when troubleshooting with the standard ping command is that routing problems can still exist.  A more thorough alternative is to use the extended ping command to act like you issued a ping from a computer on that subnet, without having to call a user to ask to enter a ping command for you on the PC.  The extended version can be used to refine the problem’s underlying cause by changing several details of what the ping command sends in its request.  When a ping from a router works but a ping from a host does not, the extended ping could help you re-create the problem without needing to work with the end user on the phone.


Static Default Routes
A default route is a special route that matches all packet destinations.  Default routes can be particularly useful when only one physical path exists from one part of the network to another, and in cases for which one enterprise router provides connectivity to the Internet for that enterprise.


Default Routes Using the ip route Command
When a router knows about at least one default route, the router notes that route with an asterisk in the routing table.  If a router learns about multiple default routes – either through static configuration or from routing protocols – the router notes each default route with an asterisk in the routing table.  The router chooses the best default route, noting that choice as the gateway of last resort.


Default Routes Using the ip default-network Command
ip default-network lists a classful IP network as its parameter, telling the router to use the routing details of the route for that classful network as the forwarding details for a default route.

This command is useful when an engineer wants to use the default route to reach networks besides the networks used inside that enterprise.


Default Route Summary
Remember these key points regarding default routes:

* Default static routes can be statically configured using the ip route 0.0.0.0 0.0.0.0 next-hop-address or the ip default-network net-number command.

* When a router only matches a packet with the default route, that router uses the forwarding details listed in the gateway of last resort line.  Default routes are used according to the rules of classless or classful routing.

 

 

For static routes, you can change the distance of each route by entering a distance after the ip route command:

ip route network subnet-mask next-hop distance

You can't change the administrative distance for all the static routes at once.

 


Configuring a Static Route

 

Static routing algorithms are basically table mappings established by the network administrator before the beginning of routing. These mappings do not change unless the network administrator alters them. Algorithms that use static routes are simple to design and work well in environments where network traffic is relatively predictable and where network design is relatively simple. Because of this fact, static routing systems cannot react to network changes.

 

Static routes remain in the routing table even if the specified gateway becomes unavailable. If the specified gateway becomes unavailable, you need to remove the static route from the routing table manually. However, static routes are removed from the routing table if the specified interface goes down, and are reinstated when the interface comes back up.

 

 

Note: If you create a static route with an administrative distance greater than the administrative distance of the routing protocol running on the ASA, then a route to the specified destination discovered by the routing protocol takes precedence over the static route. The static route is used only if the dynamically discovered route is removed from the routing table.


 

You can define up to three equal cost routes to the same destination per interface. Equal-cost multi-path (ECMP) routing is not supported across multiple interfaces. With ECMP, the traffic is not necessarily divided evenly between the routes; traffic is distributed among the specified gateways based on an algorithm that hashes the source and destination IP addresses.

 

To configure a static route, see the following section:

 

Adding or Editing a Static Route

To add or edit a static route, enter the following command:

 
Command:
route if_name dest_ip mask gateway_ip [distance]

Example:
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1 [1]

Purpose:
Enables you to add a static route.

The dest_ip and mask arguments indicate the IP address for the destination network, and the gateway_ip argument is the address of the next-hop router. The addresses you specify for the static route are the addresses that are in the packet before entering the ASA and performing NAT.

The distance argument is the administrative distance for the route. The default is 1 if you do not specify a value. Administrative distance is a parameter used to compare routes among different routing protocols. The default administrative distance for static routes is 1, giving it precedence over routes discovered by dynamic routing protocols but not directly connected routes.

The default administrative distance for routes discovered by OSPF is 110. If a static route has the same administrative distance as a dynamic route, the static route takes precedence. Connected routes always take precedence over static or dynamically discovered routes.
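
The precedence rules above, modelled in Python as an added example (not Cisco's code and not part of the original page). It generalizes "specific routes beat the default route" to longest-prefix matching; the sample table, the Route fields and the connected-route distance of 0 are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# source is "connected", "static" or "dynamic"; distance is the administrative distance.
Route = namedtuple("Route", "prefix next_hop source distance")

# Constructed sample table. Defaults from the text: static = 1, OSPF = 110.
# Distance 0 for the connected route is an assumption (the usual Cisco value).
SAMPLE_ROUTES = [
    Route("192.168.1.0/24", "outside", "connected", 0),
    Route("0.0.0.0/0", "192.168.2.4", "static", 1),
    Route("10.10.10.0/24", "192.168.1.1", "static", 1),
    Route("10.10.10.0/24", "192.168.1.7", "dynamic", 110),
    Route("10.20.0.0/16", "192.168.1.8", "static", 200),  # backup static route
    Route("10.20.0.0/16", "192.168.1.7", "dynamic", 110),
    Route("10.30.0.0/16", "192.168.1.8", "static", 110),  # same distance as dynamic
    Route("10.30.0.0/16", "192.168.1.7", "dynamic", 110),
]


def select_route(routes, destination):
    """Return the route that forwards destination, or None if nothing matches."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Most specific prefix first: a specific route beats the default route.
    longest = max(ipaddress.ip_network(r.prefix).prefixlen for r in matches)
    candidates = [r for r in matches
                  if ipaddress.ip_network(r.prefix).prefixlen == longest]
    # Connected routes always win; then lowest distance; static wins a tie.
    return min(candidates, key=lambda r: (r.source != "connected",
                                          r.distance,
                                          r.source != "static"))


if __name__ == "__main__":
    for dest in ("10.10.10.5", "10.20.1.1", "10.30.1.1", "203.0.113.9"):
        print(dest, "->", select_route(SAMPLE_ROUTES, dest))
```

Removing the dynamic 10.20.0.0/16 entry from the table makes the distance-200 static route the selected one, which is the backup behaviour the Note above describes.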


 

 

Examples

 

The following example shows static routes that are equal cost routes that direct traffic to three different gateways on the outside interface. The ASA distributes the traffic among the specified gateways.

 

hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.2
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.3

Configuring a Default Static Route

 

A default route identifies the gateway IP address to which the ASA sends all IP packets for which it does not have a learned or static route. A default static route is simply a static route with 0.0.0.0/0 as the destination IP address. Routes that identify a specific destination take precedence over the default route.

 

 

Note: In Versions 7.0(1) and later, if you have two default routes configured on different interfaces that have different metrics, the connection to the ASA that is made from the higher metric interface fails, but connections to the ASA from the lower metric interface succeed as expected.


 

You can define up to three equal cost default route entries per device. Defining more than one equal cost default route entry causes the traffic sent to the default route to be distributed among the specified gateways. When defining more than one default route, you must specify the same interface for each entry.

 

If you attempt to define more than three equal cost default routes or a default route with a different interface than a previously defined default route, you receive the following message:

 

"ERROR: Cannot add route entry, possible conflict with existing routes." 

 

You can define a separate default route for tunneled traffic along with the standard default route. When you create a default route with the tunneled option, all traffic from a tunnel terminating on the ASA that cannot be routed using learned or static routes is sent to this route. For traffic emerging from a tunnel, this route overrides any other configured or learned default routes.

Limitations on Configuring a Default Static Route

The following restrictions apply to default routes with the tunneled option:

* Do not enable unicast RPF (ip verify reverse-path command) on the egress interface of a tunneled route, because this setting causes the session to fail.

* Do not enable TCP intercept on the egress interface of the tunneled route, because this setting causes the session to fail.

* Do not use the VoIP inspection engines (CTIQBE, H.323, GTP, MGCP, RTSP, SIP, SKINNY), the DNS inspect engine, or the DCE RPC inspection engine with tunneled routes, because these inspection engines ignore the tunneled route.

* You cannot define more than one default route with the tunneled option.

* ECMP for tunneled traffic is not supported.
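
The route-count limits stated above (three equal cost routes per destination per interface, no equal cost routes across interfaces, one tunneled default route) can be checked against a planned configuration before it is pushed. The following Python check is an added example, not Cisco tooling or code from the original page; the sample configuration is constructed, and treating "same destination and same administrative distance" as equal cost is an assumption.

```python
from collections import defaultdict

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
route outside 10.10.10.0 255.255.255.0 192.168.1.1
route outside 10.10.10.0 255.255.255.0 192.168.1.2
route outside 10.10.10.0 255.255.255.0 192.168.1.3
route outside 10.10.10.0 255.255.255.0 192.168.1.4
route outside 0 0 192.168.1.1
route dmz 0.0.0.0 0.0.0.0 172.16.0.1
route outside 0 0 192.168.2.4 tunneled
route inside 0 0 10.0.0.1 tunneled
"""

def parse_routes(config_text):
    """Yield (if_name, dest, mask, gateway, distance, tunneled) per route line."""
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "route":
            continue
        # "0 0" is shorthand for 0.0.0.0 0.0.0.0
        dest, mask = ("0.0.0.0" if t == "0" else t for t in tok[2:4])
        extra = tok[5].strip("[]") if len(tok) > 5 else "1"  # distance defaults to 1
        tunneled = extra == "tunneled"
        yield tok[1], dest, mask, tok[4], None if tunneled else int(extra), tunneled

def audit_routes(config_text):
    """Return findings for route sets the text above says are not supported."""
    gateways = defaultdict(set)    # (if_name, dest, mask, distance) -> gateways
    interfaces = defaultdict(set)  # (dest, mask, distance) -> interfaces
    tunneled_count = 0
    for if_name, dest, mask, gw, distance, tunneled in parse_routes(config_text):
        if tunneled:
            tunneled_count += 1
            continue
        gateways[(if_name, dest, mask, distance)].add(gw)
        interfaces[(dest, mask, distance)].add(if_name)
    findings = []
    for (if_name, dest, mask, _), gws in gateways.items():
        if len(gws) > 3:
            findings.append(f"{dest} {mask}: {len(gws)} equal-cost routes on {if_name} (limit 3)")
    for (dest, mask, _), names in interfaces.items():
        if len(names) > 1:
            findings.append(f"{dest} {mask}: equal-cost routes on multiple interfaces {sorted(names)}")
    if tunneled_count > 1:
        findings.append(f"{tunneled_count} tunneled default routes (limit 1)")
    return findings

if __name__ == "__main__":
    for finding in audit_routes(SAMPLE_CONFIG):
        print(finding)
```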

To add or edit a tunneled default static route, enter the following command:

 
Command:
route if_name 0.0.0.0 0.0.0.0 gateway_ip [distance | tunneled]

Example:
hostname(config)# route outside 0 0 192.168.2.4 tunneled

Purpose:
Enables you to add a static route.

The dest_ip and mask arguments indicate the IP address for the destination network, and the gateway_ip argument is the address of the next-hop router. The addresses you specify for the static route are the addresses that are in the packet before entering the ASA and performing NAT.

The distance argument is the administrative distance for the route. The default is 1 if you do not specify a value. Administrative distance is a parameter used to compare routes among different routing protocols. The default administrative distance for static routes is 1, giving it precedence over routes discovered by dynamic routing protocols but not directly connected routes. The default administrative distance for routes discovered by OSPF is 110. If a static route has the same administrative distance as a dynamic route, the static route takes precedence. Connected routes always take precedence over static or dynamically discovered routes.

 

Tip: You can enter 0 0 instead of 0.0.0.0 0.0.0.0 for the destination network address and mask, as shown in the following example:

hostname(config)# route outside 0 0 192.168.1 1


Configuring IPv6 Default and Static Routes

The ASA automatically routes IPv6 traffic between directly connected hosts if the interfaces to which the hosts are attached are enabled for IPv6 and the IPv6 ACLs allow the traffic.

To configure an IPv6 default route and static routes, perform the following steps:

Detailed Steps

 
 
Step 1

Command:
ipv6 route if_name ::/0 next_hop_ipv6_addr

Example:
hostname(config)# ipv6 route inside 7fff::0/32 3FFE:1100:0:CC00::1

Purpose:
Adds a default IPv6 route.

The example routes packets for network 7fff::0/32 to a networking device on the inside interface at 3FFE:1100:0:CC00::1.

The address ::/0 is the IPv6 equivalent of any.

Step 2

Command:
ipv6 route if_name destination next_hop_ipv6_addr [admin_distance]

Example:
hostname(config)# ipv6 route inside 7fff::0/32 3FFE:1100:0:CC00::1 [110]

Purpose:
Adds an IPv6 static route to the IPv6 routing table.

The example routes packets for network 7fff::0/32 to a networking device on the inside interface at 3FFE:1100:0:CC00::1, and with an administrative distance of 110.