Static Route 3745

dkluth

Nov 10, 2005
Hi Guys,

This is driving me nuts. I have a 3745 that I need to add a static route to. I have two routes that this concerns. One is my default g/w route.

0.0.0.0 0.0.0.0 192.168.150.3

This route allows my router to send all unknown traffic to the internet.

I have another route that I need to add that redirects a request for a single external IP address to an internal address. This redirects to my Cisco ASA5505 VPN device.

So I enter this route.

ip route 64.14.***.*** 255.255.255.255 192.168.150.45

I used a 32 bit subnet mask so it should be a route for just that address. Here's what shows up under a show IP route.
64.0.0.0/32 is subnetted, 1 subnets
64.14.***.*** [1/0] via 192.168.150.45
So it redirects any IP address that starts with 64. to the ASA rather than a single address.

Anyone know why this is??

Any help is appreciated.

Thank You,

Doug

 
It doesn't route anything 64.x.x.x to that host, that is merely what it looks like in your routing table. If you look there is only a route for the 64.14.x.x not for the summary address.
 
Thanks, but it is redirecting any IP address that begins with 64. to the ASA. We have three different companies we work with that have 64. addresses and with that in place the ASA gets the traffic. Any ideas why?

Thank you,

Doug
 
You would have to post the rest of your routes. Are you running a routing protocol?
 
You could NAT with a route map...
route-map single permit 1
match ip address 110
Then...
access-list 110 permit ip host 64.x.x.x host 192.168.150.45
access-list 110 deny ip any any
and then apply the NAT to the outgoing interface---let's say it's serial 0/1...
ip nat inside source route-map single int s0/1

If this would be the only NAT statement, then you could adjust the acl to allow everything else to the subnet, but that particular address should be natted 1-to-1.

Burt
 
Hi,

I am running eigrp. Here is the routing part of the config. I really just don't understand this. It's driving me nuts. What am I missing?


router eigrp 10
redistribute static
network 192.168.1.0
network 192.168.111.0
network 192.168.112.0
network 192.168.116.0
network 192.168.121.0
network 192.168.123.0
network 192.168.125.0
network 192.168.131.0
network 192.168.132.0
network 192.168.136.0
network 192.168.137.0
network 192.168.150.0
network 192.168.161.0
network 192.168.171.0
network 192.168.172.0
network 192.168.180.0
network 192.168.181.0
network 192.168.182.0
network 192.168.191.0
network 192.168.192.0
network 192.168.200.0
network 192.168.201.0
network 192.168.202.0
network 192.168.212.0
network 192.168.213.0
network 192.168.214.0
network 192.168.215.0
network 192.168.216.0
network 192.168.217.0
distribute-list 99 out FastEthernet0/0
distribute-list 99 out Serial0/0:0
auto-summary
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.150.3
ip route 167.16.**.*** 255.255.255.255 192.168.123.70
ip route 170.186.**.** 255.255.255.255 192.168.123.70
ip route 192.168.112.0 255.255.255.0 192.168.114.2 200
ip route 192.168.130.0 255.255.255.0 192.168.132.2 200
ip route 192.168.135.0 255.255.255.0 192.168.137.2 200
ip route 192.168.180.0 255.255.255.0 192.168.182.2 200
ip route 192.168.190.0 255.255.255.0 192.168.192.2 200
ip route 192.168.212.0 255.255.255.0 192.168.214.2 200
ip route 199.38.***.0 255.255.255.0 192.168.150.24
ip route 199.186.***.0 255.255.255.0 192.168.123.70
ip route 199.186.***.0 255.255.255.0 192.168.123.70
ip route 199.186.***.0 255.255.255.0 192.168.123.70

Thanks,

Doug
 
You have auto summary enabled under eigrp. Add "no auto-summary" under the eigrp process. Auto summary will set the route on the class boundary, which is 64. because it is a class A address.
 
I'm a little confused as to what you are wanting to do (no surprise there, I'm confused most of the time).

You are wanting to route an external public IP address to an internal IP address so when users connect to 192.168.150.45 they are redirected to the public IP of 64.14.x.x ??

IF SO, you can do a nat statement:

ip nat outside source static 64.14.x.x 192.168.150.45

Not sure if that's what you wanted to do, but there ya go lol.

-E
 
I too was confused (and still am)...if you are still having trouble, could you post a simple topology of the devices in question here, if not for your solution, but for our edification? I know that disabling auto-summary probably took care of what you needed, but I'm trying to figure out why you need this redirected to that by using a static route instead of static NAT...thanks.

Burt
 
I was kinda thinking that you can't even use an ip route to do a nat-type of config. That is the main thing I was confused about when I read the post.

The reason is because when traffic is sent back out to that other external ip address, it will have a source of an internal address, unless NAT is in the middle to reconvert it back to a public IP it will get dropped.

Confusion persists..

 
Ok, here goes. The no auto-summary didn't solve the problem. Here's what I am trying to accomplish. That single IP 64.14.***.** must arrive at my ASA5505 as someone from my internal network trying to FTP to 64.14.***.***. In other words, source 192.168.150.100 ftp to destination 64.14.***.*** ftp. This causes the ASA to open the tunnel. The ASA has no connection straight to the internet. It is connected from my private network to a separate DMZ zone running on a 192.1.1.0 network. I have 15 different locations that may need to FTP to that address and have it directed to the ASA, however currently any 64. address is being routed to the ASA.

Hope that helps,

Doug

P.S. thank you for all of the help and advice
 
What about just permitting that address in the ASA? All others that are part of the 64.x.x.x network would be dropped.

Burt
 
I need other 64. addresses to get out to the internet. They need to be directed to my internet connection which is the 0.0.0.0 192.168.150.3 route.

Thanks,

Doug
 
After a second glance at your configuration, I found the issue. You need to configure ip classless.


router(config)#ip classless
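
The effect of the `ip classless` setting discussed in this thread, as an added example (not code from any poster): a simplified Python model of the classful and classless route lookup rules, run against a constructed table shaped like the posted one. The addresses 64.14.0.10 and 199.38.1.0 stand in for the masked values and are assumptions.

```python
import ipaddress

# Constructed routing table modelled on the thread; the masked octets are
# replaced with placeholder values (assumptions, not the poster's addresses).
ROUTES = [
    ("0.0.0.0/0", "192.168.150.3"),       # default route to the internet
    ("64.14.0.10/32", "192.168.150.45"),  # host route to the ASA
    ("199.38.1.0/24", "192.168.150.24"),
]

def major_network(addr):
    """Return the classful (A/B/C) network that contains addr."""
    first = int(addr) >> 24
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def lookup(dst, classless):
    """Return the next hop for dst, or None if the packet is dropped."""
    dst = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES]
    candidates = [(n, nh) for n, nh in table if dst in n]
    if not classless:
        major = major_network(dst)
        # Classful rule ("no ip classless"): if any subnet of the
        # destination's major network is in the table, only those subnets
        # may match; the default route and supernets are not consulted.
        known = [(n, nh) for n, nh in table if n.subnet_of(major)]
        if known:
            candidates = [(n, nh) for n, nh in known if dst in n]
    if not candidates:
        return None
    # Longest prefix wins among the remaining candidates.
    return max(candidates, key=lambda r: r[0].prefixlen)[1]

if __name__ == "__main__":
    for dst in ("64.14.0.10", "64.20.1.1", "8.8.8.8"):
        print(dst, "classful:", lookup(dst, False),
              "classless:", lookup(dst, True))
```

In this model the only difference between the two modes is the destination in 64.0.0.0/8 that is not the host route: the classful lookup returns no next hop for it, while the classless lookup falls through to the default route.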
 