In this article, we will discuss and configure static routing on Cisco ASA Firewall in detail. Cisco ASA supports both static as well as dynamic routing protocols such as RIP, OSPF, EIGRP & BGP. You can configure the static routing using the ASDM or command-line interface. We will cover both ways to configure static routes on Cisco ASA. So, Let’s start!
Cisco ASA: Understanding the topology for Static Routing Configuration
Before starting the static routing configure, let’s first understand the topology so you will configure the static routes more easily. Let’s understand the below image:
We have configured three interfaces, i.e. Outside, Inside, and DMZ on Cisco ASA Firewall. Outside Interface is connected with ISP. Some of the web servers are hosted in DMZ. Inside interface is connected with Internal Core. Further, we have two different networks are configured on the internal Core.
In this topology, we need to configure a static default route towards ISP. Since we have two networks connected with the internal core switch, then we need to configure both routes towards the internal Core.
Configuring Static Route on Cisco ASA Firewall
We must have proper privileges to configure static routes. This is an example to configure static routes on ASA Firewall
Well, we just need to change the values like interface, a destination address, netmask, and next-hop. The interface will be the nameif you have assigned to a particular interface. Then, we need to specify the destination address with the netmask. Finally, you have to configure the next-hop IP address.
So, the default route configuration example will be
Similarly, we can configure inside routes that are towards our internal Core switch. Here, we need to configure two routes, i.e. 192.168.1.0/24 & 192.168.2.0/24 and the gateway will be the internal Core switch.
In this way, we have successfully configured all three static routes on Cisco ASA Firewall. You can check all these routes using the below show command:
All the highlighted entries with red color is the static routes we have configured on Cicso ASA Firewall.
Configure Static Routes on Cisco ASA Firewall using ASDM
In this session, we will configure the static routes using Cisco ASDM. Before starting, make sure that you have access to Cisco ASA Firewall using ASDM.
Well, now let’s access the Cisco ASA using the ASDM application and navigate to Configuration > Device Setup > Routing > Static Routes and click on Add.
Once you click on Add button, a popup window will appear. In this window, first, you need to select the interface, then you need to define the destination address with netmask and gateway. You can refer to the below image.
By default, the matric is 1 for static routes. However, you can change the matrix as per your requirement. I’ve configured the destination address without any address object. It will be a great idea to have address objects configured on ASA Firewall.
Similarly, you can configure different static routes pointing to the Internal Core. Once, you finish the configuration, you must need to apply the changes so that the changes are effective on the Cisco ASA appliance.
Related Articles
- Cisco ASA: Security Levels and Zones Explained
- Configure Cisco ASA Firewall for ASDM Access
- Enable Telnet and SSH access to Cisco ASA Firewall
Reference
Summary
Routing is essentials for all firewalls in routing mode. Cisco ASA supports both static and dynamic routing. In this article, we have configured static routes using CLI and ASDM. Both ways are very easy and helpful to configure static routes. Finally, we have checked static routes on Cisco Firewall using CLI.
Hope you like this article. If you like this article, just share it on social media platforms. Also, in case if you have some issues during the configuration, don’t hesitate to comment in the comment box!
Support our work:
If you appreciate what we do and would like to contribute to our efforts, we kindly ask you to consider buying us a coffee. Your small donation can go a long way in helping us cover the costs of hosting, maintenance, and further development.
Please consider buying us a coffee ( or 2 ) as a token of appreciation.
We are always thankful for your never-ending support.