Chapter 8
Configuring IP Routing and DHCP Services
The simplest option is to configure a default route to send all traffic to an upstream router, relying on the
router to route the traffic for you. However, in some cases the default gateway might not be able to reach
the destination network, so you must also configure more specific static routes. For example, if the
default gateway is outside, then the default route cannot direct traffic to any inside networks that are not
directly connected to FWSM.
In transparent firewall mode, for traffic that originates on FWSM and is destined for a non-directly
connected network, you need to configure either a default route or static routes so FWSM knows out of
which interface to send traffic. Traffic that originates on FWSM might include communications to a
system log server, Websense or N2H2 server, or AAA server. If you have servers that cannot all be
reached through a single default route, then you must configure static routes.
Note
The default route for the transparent firewall, which is required to provide a return path for management
traffic, is only applied to management traffic from one bridge group network. This is because the default
route specifies an interface in the bridge group as well as the router IP address on the bridge group
network, and you can only define one default route. If you have management traffic from more than one
bridge group network, you need to specify a static route that identifies the network from which you
expect management traffic.
The FWSM supports up to three equal cost routes to the same destination per interface for load
balancing.
This section includes the following topics:
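• Configuring a Static Route, page 8-3
• Configuring a Default Route, page 8-4
• Monitoring a Static or Default Route, page 8-5
For information about configuring IPv6 static and default routes, see the "Configuring IPv6 Default and
Static Routes" section on page 10-5.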
Configuring a Static Route
To add a static route, enter the following command:
hostname(config)# route if_name dest_ip mask gateway_ip [distance]
The dest_ip and mask arguments are the IP address and mask of the destination network, and gateway_ip is
the address of the next-hop router.
The distance is the administrative distance for the route. The default is 1 if you do not specify a value.
Administrative distance is a parameter used to compare routes among different routing protocols. The
default administrative distance for static routes is 1, giving them precedence over routes discovered by
dynamic routing protocols but not over directly connected routes. The default administrative distance for
routes discovered by OSPF is 110. If a static route has the same administrative distance as a dynamic route,
the static route takes precedence. Connected routes always take precedence over static or dynamically
discovered routes.
Static routes remain in the routing table even if the specified gateway becomes unavailable. If the
specified gateway becomes unavailable, you need to remove the static route from the routing table
manually. However, static routes are removed from the routing table if the associated interface goes
down. They are reinstated when the interface comes back up.
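The following added example (not part of the Cisco guide) parses route commands in the syntax shown above and reports which management servers (syslog, AAA, Websense) are reachable only through the default route or not at all. The sample configuration, server names, and addresses are constructed; the script assumes standard longest-prefix matching and does not model directly connected networks.

```python
import ipaddress

# Constructed sample configuration; interface names and addresses are illustrative.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route inside 10.1.0.0 255.255.0.0 10.0.0.2
route inside 10.1.0.0 255.255.0.0 10.0.0.3 5
route dmz 10.1.20.0 255.255.255.0 172.16.0.2
"""
# Constructed management servers that the firewall itself must reach.
SERVERS = {"syslog": "10.1.5.10", "aaa": "10.1.20.5", "websense": "10.2.0.9"}

def parse_routes(config):
    """Parse 'route if_name dest_ip mask gateway_ip [distance]' lines."""
    routes = []
    for line in config.splitlines():
        f = line.split()
        if len(f) not in (5, 6) or f[0] != "route":
            continue
        routes.append({
            "if": f[1],
            "net": ipaddress.ip_network(f"{f[2]}/{f[3]}"),
            "gw": ipaddress.ip_address(f[4]),
            "distance": int(f[5]) if len(f) == 6 else 1,  # default distance is 1
        })
    return routes

def lookup(routes, dest):
    """Routes used for dest: longest matching prefix, then lowest distance."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r["net"]]
    if not matches:
        return []
    longest = max(r["net"].prefixlen for r in matches)
    best = [r for r in matches if r["net"].prefixlen == longest]
    lowest = min(r["distance"] for r in best)
    return [r for r in best if r["distance"] == lowest]

def audit(routes, servers):
    """Return {server: finding} for servers with no route or only the default route."""
    findings = {}
    for name, ip in servers.items():
        best = lookup(routes, ip)
        if not best:
            findings[name] = "no route"
        elif best[0]["net"].prefixlen == 0:
            findings[name] = f"default route only, via {best[0]['if']}"
    return findings
```

A server flagged as "default route only" on an inside network is the case the text warns about: the default gateway on the outside cannot deliver that traffic, so a specific static route is needed.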
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Configuring Static and Default Routes