1. Home
  2. Cisco Systems
  3. Can't set default route to outside interface

Can't set default route to outside interface

All,

I have a 2811 with the advanced security feature pack. I'm configuring it to replace our old pix and 2621 but I can't set the default route to an "outside" interface (FastEthernet0/1), I can set it to an inside interface easy enough. The line in the config file is the same for both setups:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

But when I enter in the 2nd line I get "Gateway of last resort is not set". I have tried using the IP of the next hop router as well, same results. I also compared it to our existing 2621 and it looks the same. Here are the interface setups:

interface FastEthernet0/0 description Inside$ES_LAN$$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ $FW_INSIDE$ ip address 10.10.3.1 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly duplex full speed 100 ! interface FastEthernet0/1 description Outside$ES_WAN$$ETH-WAN$$FW_OUTSIDE$ ip address 65.123.2.2 255.255.255.128 ip access-group 101 in ip verify unicast reverse-path ip inspect SDM_LOW out ip nat outside ip virtual-reassembly duplex full speed 100 crypto map SDM_CMAP_1 !

Could there be something in the ACLs that are causing problems? Is there any other information you all need to help with this?

Reply to
tomarseneault
Loading thread data ...

Hello, tomarseneault!

t> I have a 2811 with the advanced security feature pack. I'm configuring t> it to replace our old pix and 2621 but I can't set the default route t> to an "outside" interface (FastEthernet0/1), I can set it to an inside t> interface easy enough. The line in the config file is the same for t> both setups:

t> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Default route to inside network?

t> ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

Change route records to:

ip route 0.0.0.0 0.0.0.0 ip.add.ress.GATE1 ip route 0.0.0.0 0.0.0.0 ip.add.ress.GATE2

t> But when I enter in the 2nd line I get "Gateway of last resort is not t> set". I have tried using the IP of the next hop router as well, same t> results. I also compared it to our existing 2621 and it looks the t> same. Here are the interface setups:

t> interface FastEthernet0/0 t> description Inside$ES_LAN$$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ t> $FW_INSIDE$ t> ip address 10.10.3.1 255.255.255.0 t> ip access-group 100 in t> ip nat inside t> ip virtual-reassembly t> duplex full t> speed 100 t> ! t> interface FastEthernet0/1 t> description Outside$ES_WAN$$ETH-WAN$$FW_OUTSIDE$ t> ip address 65.123.2.2 255.255.255.128 t> ip access-group 101 in t> ip verify unicast reverse-path t> ip inspect SDM_LOW out t> ip nat outside t> ip virtual-reassembly t> duplex full t> speed 100 t> crypto map SDM_CMAP_1 t> !

With best regards, Andrew Lutov. E-mail: andrew_l @ newmail.ru

Reply to
Andrew Lutov

try configuring:

ip routing ip clasless

to see if it makes any difference

Reply to
Merv

This turned out to be a "well duh" on my test bench I only had the inside interface plugged in to do the configuration but it turns out that the interface has to be up in order for the cisco the even think about routing out it, once I plugged the outside interface into a switch: boom everything started working. Thanks for your help.

Tom

Reply to
tomarseneault

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.