8-3
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 8 Configuring IP Addresses, Routing, and DHCP
Configuring Static Routes
Routes that identify a specific destination address take precedence over the default route.
To set a default route, enter the following command:
FWSM/contexta(config)# route
gateway_interface
0 0
gateway_ip
[
metric
]
The metric is the number of hops to gateway_ip. The default is 1 if you do not specify a metric.
For example, if the FWSM receives traffic that it does not have a route for, it sends the traffic out the
outside interface to the router at 10.1.1.1:
FWSM/contexta(config)# route outside 0 0 10.1.1.1 1
Configuring Static Routes
Multiple context mode does not support dynamic routing, so you must use static routes for any networks
to which the FWSM is not directly connected; for example, when there is a router between a network
and the FWSM.
You might want to use static routes in single context mode in the following cases:
• Your networks use a different router discovery protocol from RIP or OSPF.
• Your network is small and you can easily manage static routes.
• You do not want the traffic or CPU overhead associated with routing protocols.
The simplest option is to configure a default route (see the previous section) to send all traffic to an
upstream router, relying on the router to route the traffic for you. However, in some cases the default
gateway might not be able to reach the destination network, so you must also configure more specific
static routes. For example, if the default gateway is outside, then the default route cannot direct traffic
to any inside networks that are not directly connected to the FWSM.
For transparent firewall mode, for traffic that originates on the FWSM and is destined for a non-directly
connected network, you need to configure either a default route or static routes so the FWSM knows out
of which interface to send traffic. Traffic that originates on the FWSM might include communications
to a syslog server, Websense or N2H2 server, or AAA server. If you have servers that cannot all be
reached through a single default route, then you must configure static routes.
The FWSM supports up to three equal cost routes on the same interface for load balancing.
Static routes take precedence over dynamic routes if they have the same metric (number of router hops).
To add a static route, enter the following command:
FWSM/contexta(config)# route
gateway_interface dest_ip mask
gateway_ip
[
metric
]
The metric is the number of hops to gateway_ip. The default is 1 if you do not specify a metric.
The addresses you specify for the static route are the addresses that are in the packet before entering the
FWSM and performing NAT.
For example, to send all traffic destined for 10.1.1.0/24 to the router (10.1.2.45) connected to the inside
interface, enter the following command:
FWSM/contexta(config)# route inside 10.1.1.0 255.255.255.0 10.1.2.45 1
To Next Page
Loading...
Need help?
General