1. Manually set up a route in a dormant manner.
2. Stable.
3. Is not affected by traffic or transmission failures.
4. Creates no routing-protocol traffic.
Advantages & Disadvantages:
Static routing requires a network administrator with knowledge of the internetwork topology to manually build and update the routing table, programming all routes into it. Static routers can work well for small internetworks but, because of their manual administration, do not scale well to large or dynamically changing internetworks.
Static routers are not fault tolerant. The lifetime of a manually configured static route is infinite and, therefore, static routers do not sense and recover from downed routers or downed links.
With the above points in mind, for a small business I recommend not using dynamic routing and sticking with just static routes. The reason is that one of the purposes of a firewall is to hide your internal trusted network addressing and topology. By configuring dynamic routing support, you might be advertising routes to untrusted networks, thus exposing your network to threats.
The main features of dynamic routing:
1. Automatically sets up a route.
2. Responds to changes in the network.
3. Automatically selects the optimized route.
4. Automatically selects the backup route.
Advantages & Disadvantages:
Except for their initial configuration, dynamic routers require little ongoing maintenance, and therefore can scale to larger internetworks. Dynamic routing is fault tolerant. Dynamic routes learned from other routers have a finite lifetime. If a router or link goes down, the routers sense the change in the internetwork topology through the expiration of the lifetime of the learned route in the routing table. This change can then be propagated to other routers so that all the routers on the internetwork become aware of the new internetwork topology.
The ability to scale and recover from internetwork faults makes dynamic routing the better choice for medium, large, and very large internetworks.
Details of configuring static routing on Cisco ASA Firewall
[Figure: Configuring Static Routing on Cisco ASA Firewall]
The picture above shows the details and helps us better understand how to configure static routing.
To begin with, the ASA connects to the internet on the outside and also has DMZ and Internal zones. The default gateway towards the ISP is 200.1.1.1. The DMZ network is 10.0.0.0/24 and the internal LAN1 network is 192.168.1.0/24. LAN1 is directly connected to the Inside interface of the firewall.
Additionally, there is another internal network, namely LAN2, with network 192.168.2.0/24. LAN2 is not directly connected to the firewall. Rather, there is an internal router with address 192.168.1.1 through which we can reach LAN2. Therefore, in order for the ASA to reach network LAN2, we need to configure a static route to tell the firewall that network 192.168.2.0/24 can be reached via 192.168.1.1.
Therefore, we need to configure two static routes: one default static route for Internet access, and one internal static route to reach network LAN2. For directly connected networks (DMZ and LAN1) we don’t need to configure a static route, since the firewall already knows about these networks as they are directly connected to its interfaces.
Configuration:
The format of the static route command is:
ASA(config)# route [interface name] [destination address] [netmask] [gateway]
! First configure a default static route towards the default gateway
ASA(config)# route outside 0.0.0.0 0.0.0.0 200.1.1.1
! Then configure an internal static route to reach network LAN2
ASA(config)# route inside 192.168.2.0 255.255.255.0 192.168.1.1
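The following is an added example, not part of the original post: it models the routing table this configuration produces and performs a longest-prefix-match lookup, showing that without the LAN2 route, traffic for 192.168.2.0/24 matches only the default route and leaves via the outside interface. The outside subnet 200.1.1.0/24 and the interface name dmz are assumptions; the page gives only the gateway 200.1.1.1 and the DMZ network.

```python
import ipaddress

# Directly connected networks per interface, taken from the page's topology.
# Assumptions: the outside subnet (the page gives only the gateway 200.1.1.1)
# and the interface name "dmz" (the page names only "outside" and "inside").
CONNECTED = {
    "outside": ipaddress.ip_network("200.1.1.0/24"),  # assumed subnet
    "dmz": ipaddress.ip_network("10.0.0.0/24"),
    "inside": ipaddress.ip_network("192.168.1.0/24"),
}
# The two static routes configured on the page.
STATIC_ROUTES = [
    "route outside 0.0.0.0 0.0.0.0 200.1.1.1",
    "route inside 192.168.2.0 255.255.255.0 192.168.1.1",
]

def parse_route(line):
    """Parse 'route <interface> <dest> <netmask> <gateway>' and validate it."""
    fields = line.split()
    if len(fields) != 5 or fields[0] != "route" or fields[1] not in CONNECTED:
        raise ValueError(f"malformed route line: {line!r}")
    _, ifname, dest, mask, gw = fields
    net = ipaddress.ip_network(f"{dest}/{mask}")  # raises on host bits or bad mask
    # The next hop must sit on the subnet directly connected to that interface.
    if ipaddress.ip_address(gw) not in CONNECTED[ifname]:
        raise ValueError(f"gateway {gw} is not on the {ifname} subnet")
    return net, ifname, gw

def build_table(route_lines):
    """Connected networks plus the parsed static routes."""
    table = [(net, ifname, "connected") for ifname, net in CONNECTED.items()]
    return table + [parse_route(line) for line in route_lines]

def lookup(table, dst):
    """Longest-prefix match: return (egress interface, next hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, ifname, via = max(matches, key=lambda r: r[0].prefixlen)
    return ifname, via

if __name__ == "__main__":
    full = build_table(STATIC_ROUTES)
    no_lan2 = build_table(STATIC_ROUTES[:1])  # LAN2 route left out
    for dst in ("192.168.1.50", "192.168.2.50", "10.0.0.5", "8.8.8.8"):
        print(f"{dst:13} full={lookup(full, dst)} without_lan2={lookup(no_lan2, dst)}")
```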
Related to: tech21century.com/configure-static-routing-on-cisco-asa-firewall