How to configure Static Routes on Cisco ASA Firewall

In this article, we will discuss and configure static routing on Cisco ASA Firewall in detail. Cisco ASA supports both static as well as dynamic routing protocols such as RIP, OSPF, EIGRP & BGP. You can configure the static routing using the ASDM or command-line interface. We will cover both ways to configure static routes on Cisco ASA. So, Let’s start!


Cisco ASA: Understanding the topology for Static Routing Configuration

Before starting the static routing configure, let’s first understand the topology so you will configure the static routes more easily. Let’s understand the below image:


We have configured three interfaces, i.e. Outside, Inside, and DMZ on Cisco ASA Firewall. Outside Interface is connected with ISP. Some of the web servers are hosted in DMZ. Inside interface is connected with Internal Core. Further, we have two different networks are configured on the internal Core.

In this topology, we need to configure a static default route towards ISP. Since we have two networks connected with the internal core switch, then we need to configure both routes towards the internal Core.

Recommended:  Cisco ASA Configuration Backup using SCP, TFTP & ASDM

Configuring Static Route on Cisco ASA Firewall

We must have proper privileges to configure static routes. This is an example to configure static routes on ASA Firewall

route <interface> <destination> <netmask> <next-hop>

Well, we just need to change the values like interface, a destination address, netmask, and next-hop. The interface will be the nameif you have assigned to a particular interface. Then, we need to specify the destination address with the netmask. Finally, you have to configure the next-hop IP address.

So, the default route configuration example will be

ciscoasa(config)#route outside

Similarly, we can configure inside routes that are towards our internal Core switch. Here, we need to configure two routes, i.e. & and the gateway will be the internal Core switch.

ciscoasa(config)#route inside
ciscoasa(config)#route inside

In this way, we have successfully configured all three static routes on Cisco ASA Firewall. You can check all these routes using the below show command:

ciscoasa# show route static
Codes: L -- local, C -- connected, S -- static, R -- RIP, M -- mobile, B -- BGP
D -- EIGRP, EX -- EIGRP external, O -- OSPF, IA -- OSPF inter area
N1 -- OSPF NSSA external type 1, N2 -- OSPF NSSA external type 2
E1 -- OSPF external type 1, E2 -- OSPF external type 2
i -- IS-IS, su -- IS-IS summary, L1 -- IS-IS level-1, L2 -- IS-IS level-2
ia -- IS-IS inter area, * -- candidate default, U -- per-user static route
o -- ODR, P -- periodic downloaded static route, + -- replicated route
Gateway of last resort is to network
S* [1/0] via, outside
S [1/0] via, inside
S [1/0] via, inside

All the highlighted entries with red color is the static routes we have configured on Cicso ASA Firewall.

Configure Static Routes on Cisco ASA Firewall using ASDM

In this session, we will configure the static routes using Cisco ASDM. Before starting, make sure that you have access to Cisco ASA Firewall using ASDM.

Recommended:  pfSense Firewall Quick Overview - Getting Started with pfSense

Well, now let’s access the Cisco ASA using the ASDM application and navigate to Configuration > Device Setup > Routing > Static Routes and click on Add.


Once you click on Add button, a popup window will appear. In this window, first, you need to select the interface, then you need to define the destination address with netmask and gateway. You can refer to the below image.


By default, the matric is 1 for static routes. However, you can change the matrix as per your requirement. I’ve configured the destination address without any address object. It will be a great idea to have address objects configured on ASA Firewall.

Similarly, you can configure different static routes pointing to the Internal Core. Once, you finish the configuration, you must need to apply the changes so that the changes are effective on the Cisco ASA appliance.

Related Articles

Recommended:  Automated backup from Palo Alto Networks Firewall without Panorama



Routing is essentials for all firewalls in routing mode. Cisco ASA supports both static and dynamic routing. In this article, we have configured static routes using CLI and ASDM. Both ways are very easy and helpful to configure static routes. Finally, we have checked static routes on Cisco Firewall using CLI.

Hope you like this article. If you like this article, just share it on social media platforms. Also, in case if you have some issues during the configuration, don’t hesitate to comment in the comment box!

Support our work:

If you appreciate what we do and would like to contribute to our efforts, we kindly ask you to consider buying us a coffee. Your small donation can go a long way in helping us cover the costs of hosting, maintenance, and further development.

Please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us Support Us

We are always thankful for your never-ending support.

Leave a Reply

Your email address will not be published. Required fields are marked *