
static routes not applying

Hello,

I'm having an issue with static routes, and I'm pretty sure this broke somewhere around 9.409/410, as it was working before.

I have two gateways in my network: one is the UTM (10.10.10.15), another a Cisco ASA (10.10.10.16).

Some IPs/networks can only be accessed through the ASA.

Let's say one host/network is 8.8.8.8.

If on a workstation I do an add route 8.8.8.8 10.10.10.16, then traffic goes through the ASA correctly.

On the UTM I made a gateway route that is "host 8.8.8.8" through gateway ASA "10.10.10.16" with metric 1.

I then try to access that IP from a station and it's not working; traceroute shows the route is not operational, it goes through the UTM and straight over the internet.

I checked the routing table in the UTM and the line is there:

8.8.8.8 via 10.10.10.16 dev eth0 proto static metric 1

To troubleshoot further, I have a RouterBOARD lying around and configured the same route, then added a route on the PC to 8.8.8.8 through the MikroTik and it's working perfectly, so the issue is the UTM, no doubt.

Just in case, I also have all the pertinent firewall rules from LAN to those special hosts allowed.




This thread was automatically locked due to age.
  • Hi,

    The route is defined on eth0. Is this the correct interface where the clients are connected?

    What about the configured interface in the host object 8.8.8.8? Is it correct?

    Could you post the whole routing table of the UTM?

    Jas Man

  • eth0 is the LAN port; yes, clients are connected in that LAN, same as the Cisco ASA.

    "What about the configured interface in the host object 8.8.8.8? Is it correct?" What configured interface? They're internet hosts (or remote private IP hosts through one of the VPNs in the Cisco ASA).

  • You've been around for a long time, Mast, and I know you know the UTM well, so it must be something you're not seeing.  Please show pictures of the Edits of the relevant parts of the configuration.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Shot in the dark here just to be sure. Did you try it with another host IP? Because 8.8.8.8 is Google's DNS server and maybe the UTM is getting mixed up there, i.e. you have 8.8.8.8 entered somewhere else?
