Tag Archives: Static Route

ASA Static Route with Object Tracking

August 1, 2015Cisco ASA, SecurityASA, Floating Static Route, NAT, SLA Monitor, Static Route, TrackAmolak

We will use following topology to configure floating static route on Cisco ASA with Object Tracking.

Objective of this task:

Configure floating static route with object tracking
Configure Dynamic NAT via Primary and Backup Link
Configure Static NAT with auto failover between Primary and Backup Link

Basic Configuration on ASA:

interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 1.1.14.1 255.255.255.0 
!
interface GigabitEthernet1
 nameif outside-2
 security-level 0
 ip address 2.2.14.1 255.255.255.0 
!
interface GigabitEthernet2
 nameif inside
 security-level 100
 ip address 10.10.123.1 255.255.255.0 
!

Primary internet link IP subnet is 1.1.14.0/24 and ISP GW IP is 1.1.14.4.
Backup internet link IP subnet is 2.2.14.0/24 and ISP GW IP is 2.2.14.4
We will track reachability to IP address 4.4.4.4 via primary internet link to confirm if it is working fine.

# Configure static route to reach IP address 4.4.4.4 via primary internet link

route outside 4.4.4.4 255.255.255.255 1.1.14.4

# Create SLA Monitor session

sla monitor 101
 type echo protocol ipIcmpEcho 4.4.4.4 interface outside
 num-packets 5
 frequency 10
sla monitor schedule 101 life forever start-time now

# Create track session

track 1 rtr 101 reachability

# Configure default route via primary internet link with tracking

route outside 0.0.0.0 0.0.0.0 1.1.14.4 1 track 1

# Configure default route via backup internet link with higher administrative distance (i.e, 200, default AD is 1 for static route)

route outside-2 0.0.0.0 0.0.0.0 2.2.14.4 200

# Configure Dynamic NAT rule for LAN users to access internet via primary or backup internet link

object network ANY
 subnet 0.0.0.0 0.0.0.0
!
object network ANY-2
 subnet 0.0.0.0 0.0.0.0
!
object network ANY
 nat (inside,outside) dynamic interface
!
object network ANY-2
 nat (inside,outside-2) dynamic interface

Verify default route and internet access

# Verify SLA Monitor configuration

ASA# show sla monitor configuration 
SA Agent, Infrastructure Engine-II
Entry number: 101
Owner: 
Tag: 
Type of operation to perform: echo
Target address: 4.4.4.4
Interface: outside
Number of packets: 5
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Type Of Service parameters: 0x0
Verify data: No
Operation frequency (seconds): 10
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Life (seconds): Forever
Entry Ageout (seconds): never
Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): Active
Enhanced History:

# Verify SLA Monitor operational status

ASA# show sla monitor operational-state 
Entry number: 101
Modification time: 09:54:01.469 UTC Sat Aug 1 2015
Number of Octets Used by this Entry: 1480
Number of operations attempted: 34
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 8
Latest operation start time: 09:59:31.479 UTC Sat Aug 1 2015
Latest operation return code: OK
RTT Values:
RTTAvg: 8       RTTMin: 1       RTTMax: 20
NumOfRTT: 5     RTTSum: 42      RTTSum2: 602

# Verify track status

ASA# show track 
Track 1
  Response Time Reporter 101 reachability
  Reachability is Up
  2 changes, last change 00:05:45
  Latest operation return code: OK
  Latest RTT (millisecs) 4
  Tracked by:
    STATIC-IP-ROUTING 0

# Verify routing

ASA# show run route
route outside 0.0.0.0 0.0.0.0 1.1.14.4 1 track 1
route outside-2 0.0.0.0 0.0.0.0 2.2.14.4 200
route outside 4.4.4.4 255.255.255.255 1.1.14.4 1
 
ASA# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 1.1.14.4 to network 0.0.0.0

C    1.1.14.0 255.255.255.0 is directly connected, outside
C    2.2.14.0 255.255.255.0 is directly connected, outside-2
S    4.4.4.4 255.255.255.255 [1/0] via 1.1.14.4, outside
C    10.10.123.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.14.4, outside

# Ping internet IP address 5.5.5.5 (It is configured on R5)

R2#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/48 ms

# Verify NAT on ASA

ASA# show xlate 
3 in use, 3 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from inside:10.10.123.3 to outside-2:2.2.14.103
    flags s idle 0:09:24 timeout 0:00:00
NAT from inside:10.10.123.3 to outside:1.1.14.103
    flags s idle 0:09:30 timeout 0:00:00
ICMP PAT from inside:10.10.123.2/2 to outside:1.1.14.1/35590 flags ri idle 0:00:28 timeout 0:00:30

ASA# show conn address 5.5.5.5
1 in use, 4 most used
ICMP outside 5.5.5.5:0 inside 10.10.123.2:3, idle 0:00:00, bytes 72

# Let's simulate primary internet link failure
# Shutdown int f0/0 on R4

R4#sh run int f0/0
Building configuration...

Current configuration : 92 bytes
!
interface FastEthernet0/0
 ip address 1.1.14.4 255.255.255.0
 speed 100
 full-duplex
end

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#int f0/0
R4(config-if)#shut 
R4(config-if)#
*Mar  1 00:13:08.571: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar  1 00:13:09.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R4(config-if)#

# Verify Track status on ASA

ASA# show track
Track 1
  Response Time Reporter 101 reachability
  Reachability is Down
  3 changes, last change 00:00:31
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0

# Verify Routing

ASA# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 2.2.14.4 to network 0.0.0.0

C    1.1.14.0 255.255.255.0 is directly connected, outside
C    2.2.14.0 255.255.255.0 is directly connected, outside-2
S    4.4.4.4 255.255.255.255 [1/0] via 1.1.14.4, outside
C    10.10.123.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [200/0] via 2.2.14.4, outside-2

# As you see in above output it has selected default route via backup ISP GW (2.2.14.4) now.

# Verify Internet access from LAN and NAT status on ASA. Now LAN subnet is dynamically NAT'ed to backup interface.

R2#ping 5.5.5.5        

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/64 ms

ASA# show xlate 
3 in use, 5 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from inside:10.10.123.3 to outside-2:2.2.14.103
    flags s idle 0:18:18 timeout 0:00:00
NAT from inside:10.10.123.3 to outside:1.1.14.103
    flags s idle 0:18:24 timeout 0:00:00
ICMP PAT from inside:10.10.123.2/6 to outside-2:2.2.14.1/5805 flags ri idle 0:00:39 timeout 0:00:30

ASA# show conn address 5.5.5.5
1 in use, 6 most used
ICMP outside-2 5.5.5.5:0 inside 10.10.123.2:6, idle 0:00:00, bytes 72

# Let's restore primary internet link

R4(config-if)#no shut
R4(config-if)#end
R4#
*Mar  1 00:22:12.595: %SYS-5-CONFIG_I: Configured from console by console
R4#
*Mar  1 00:22:13.935: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:22:14.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

# Track status is UP now

ASA# show track
Track 1
  Response Time Reporter 101 reachability
  Reachability is Up
  4 changes, last change 00:00:28
  Latest operation return code: OK
  Latest RTT (millisecs) 8
  Tracked by:
    STATIC-IP-ROUTING 0

# Verify Routing

ASA# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 1.1.14.4 to network 0.0.0.0

C    1.1.14.0 255.255.255.0 is directly connected, outside
C    2.2.14.0 255.255.255.0 is directly connected, outside-2
S    4.4.4.4 255.255.255.255 [1/0] via 1.1.14.4, outside
C    10.10.123.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.14.4, outside

So everything is working as expected, default route is used via primary link when track object IP 4.4.4.4 is reachable and when there is any issue with the primary link, i.e., IP 4.4.4.4 is not reachable via primary link, then this default route is removed and backup link become active. Also NAT translations are done based on the outgoing interface used by default route.

Now we have another requirement, We have a server (10.10.123.3) in LAN which need to be accessed from internet. First, we should have static NAT to be created for this server.

We will create two static NAT entries for this server. So that it can be accessed via either IP and internet link (Primary/Backup)

# Define Objects

object network SERVER-R3-PRIMARY
 host 10.10.123.3
!
object network SERVER-R3-BACKUP
 host 10.10.123.3

# Configure NAT Rules

object network SERVER-R3-PRIMARY
 nat (inside,outside) static 1.1.14.103
!
object network SERVER-R3-BACKUP
 nat (inside,outside-2) static 2.2.14.103

# Verify reachability from Internet (R5) to Server (Real IP: 10.10.123.3, Primary NAT: 1.1.14.103)

R5#ping 1.1.14.103

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.14.103, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/39/40 ms

# Verify NAT status on ASA

ASA# show xlate
2 in use, 5 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from inside:10.10.123.3 to outside-2:2.2.14.103
    flags s idle 0:36:19 timeout 0:00:00
NAT from inside:10.10.123.3 to outside:1.1.14.103
    flags s idle 0:00:11 timeout 0:00:00

ASA# show conn address 10.10.123.3
1 in use, 6 most used
ICMP outside 1.1.45.5:5 inside 10.10.123.3:0, idle 0:00:00, bytes 72

# Primary internet link is down now and default route is changed via backup ISP GW now

ASA# show track 
Track 1
  Response Time Reporter 101 reachability
  Reachability is Down
  5 changes, last change 00:00:01
  Latest operation return code: Timeout
  Tracked by:
    STATIC-IP-ROUTING 0

ASA# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 2.2.14.4 to network 0.0.0.0

C    1.1.14.0 255.255.255.0 is directly connected, outside
C    2.2.14.0 255.255.255.0 is directly connected, outside-2
S    4.4.4.4 255.255.255.255 [1/0] via 1.1.14.4, outside
C    10.10.123.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [200/0] via 2.2.14.4, outside-2

# The Server is still reachable from internet via backup NAT IP

R5#ping 2.2.14.103        

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.14.103, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/40/48 ms

# Verify NAT and connection status on ASA

ASA# sh xlate 
2 in use, 5 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
NAT from inside:10.10.123.3 to outside-2:2.2.14.103
    flags s idle 0:00:00 timeout 0:00:00
NAT from inside:10.10.123.3 to outside:1.1.14.103
    flags s idle 0:04:03 timeout 0:00:00

ASA# show conn address 10.10.123.3
1 in use, 6 most used
ICMP outside-2 1.1.45.5:10 inside 10.10.123.3:0, idle 0:00:00, bytes 72

Good Luck! 🙂

Day One with JUNOS

March 10, 2015JuniperJUNOS, Qualified-next-hop, Static RouteAmolak

I have configured JunOS in GNS3. You can refer below link to simulate a JunOS device with GNS3.

http://muralirajanm.blogspot.in/2011/01/gns3.html

We will discuss these topics in this post:

1. First time login to JunOS device
2. User Account
3. Interface IP address configuration
4. Static Routing in JunOS
5. Floating Static route – Qualified-next-hop

We will use this topology.

When you log in to a JunOS device, you are placed into one of two shells:

– C shell %

– CLI in operational mode user@router> (operational mode)
user@router# (configuration mode)

The root account or user is a predefined user name in JunOS. The root user is by default the administrator or super user, who has absolute permission to both configure and install software on a device. JunOS requires configuration of the root password before it accepts a commit. On a new device the root password must always be a part of the configuration submitted with your initial commit.

There is no default password for root account in initial configuration. You just need to type username as root and hit enter. When you login with root account, you will be placed in ‘C shell’. You have to type ‘cli’ to go to operational mode.

— JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC

root@%

root@% cli

root>

Let’s configure hostname of device.

Type ‘configure’ in cli mode. It will change the prompt and place you in edit configuration mode.

root> configure

Entering configuration mode

[edit]

root#

[edit]

root# set system host-name R1

JunOS device does not use any of this configuration until you issue a commit command.

root# commit

[edit]

‘system’

Missing mandatory statement: ‘root-authentication’

error: commit failed: (missing statements)

[edit]

root#

Commit configuration is failed because root account must have a password before committing any configuration.

Let’s configure password for root account.

root# set system root-authentication plain-text-password
New password: *********
Retype new password: *********

[edit]

root# commit

commit complete

Let’s create other local user account. Class super-user is equivalent to privilege level 15 in Cisco IOS.

root@R1# set system login user amolak authentication plain-text-password

New password:

Retype new password:

[edit]

root@R1# set system login user amolak class super-user

[edit]

root@R1# commit

commit complete

[edit]

root@R1# exit

Exiting configuration mode

root@R1> exit

root@% exit

logout

R1 (ttyd0)

Password:

— JUNOS 10.1R1.8 built 2010-02-12 17:15:05 UTC

amolak@R1>

Now we will configure IP address on interface as per our topology.

– Each and every interface within the JunOS software requires at least one logical interface, called a unit. This is where all addressing and protocol information is configured.

– The inet protocol family supports IP version 4 (IPv4) packets.

amolak@R1# set interfaces em0 unit 0 family inet address 1.1.12.1/24

[edit]

amolak@R1# set interfaces em1 unit 0 family inet address 1.1.21.1/24

[edit]

amolak@R1# set interfaces lo0 unit 0 family inet address 1.1.0.1/32

[edit]

amolak@R1# commit

commit complete

[edit]

amolak@R1#

Similarly, configure R2.

amolak@R2> configure

Entering configuration mode

[edit]

amolak@R2# set interfaces em0 unit 0 family inet address 1.1.12.2/24

[edit]

amolak@R2# set interfaces em1 unit 0 family inet address 1.1.21.2/24

[edit]

amolak@R2# set interfaces lo0 unit 0 family inet address 1.1.0.2/32

[edit]

amolak@R2# commit

commit complete

[edit]

amolak@R2#

Lets verify the IP address on interfaces with show command. I have filtered interfaces only having IPv4 (family inet) address configured with “| match inet’.

amolak@R1> show interfaces terse | match inet
em0.0                   up    up   inet     1.1.12.1/24
em1.0                   up    up   inet     1.1.21.1/24
lo0.0                   up    up   inet     1.1.0.1             –> 0/0

amolak@R2# run show interfaces terse | match inet
em0.0                   up    up   inet     1.1.12.2/24
em1.0                   up    up   inet     1.1.21.2/24
lo0.0                   up    up   inet     1.1.0.2             –> 0/0

Verify the PING reachability.

amolak@R1> ping 1.1.12.2
PING 1.1.12.2 (1.1.12.2): 56 data bytes
64 bytes from 1.1.12.2: icmp_seq=0 ttl=64 time=23.090 ms
64 bytes from 1.1.12.2: icmp_seq=1 ttl=64 time=1.026 ms
^C
— 1.1.12.2 ping statistics —
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.026/12.058/23.090/11.032 ms

amolak@R1> ping 1.1.21.2
PING 1.1.21.2 (1.1.21.2): 56 data bytes
64 bytes from 1.1.21.2: icmp_seq=0 ttl=64 time=2.109 ms
64 bytes from 1.1.21.2: icmp_seq=1 ttl=64 time=0.719 ms
^C
— 1.1.21.2 ping statistics —
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.719/1.414/2.109/0.695 ms

Create a static route to reach Loopback interface IP address.

amolak@R1# set routing-options static route 1.1.0.2/32 next-hop 1.1.12.2

[edit]
amolak@R1# commit
commit complete

amolak@R2# set routing-options static route 1.1.0.1/32 next-hop 1.1.12.1

[edit]
amolak@R2# commit
commit complete

amolak@R1# exit
Exiting configuration mode

Verify PING to loopback interface IP.

amolak@R1> ping 1.1.0.2 source 1.1.0.1
PING 1.1.0.2 (1.1.0.2): 56 data bytes
64 bytes from 1.1.0.2: icmp_seq=0 ttl=64 time=0.650 ms
64 bytes from 1.1.0.2: icmp_seq=1 ttl=64 time=0.964 ms
64 bytes from 1.1.0.2: icmp_seq=2 ttl=64 time=0.780 ms
^C
— 1.1.0.2 ping statistics —
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.650/0.798/0.964/0.129 ms

amolak@R1>

amolak@R1> show route 1.1.0.2

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.2/32 *[Static/5] 00:01:05
> to 1.1.12.2 via em0.0

By default, the static route has a default preference value of five. In general, the default properties assigned to a static route apply to all the next-hop addresses configured for the static route. If, however, you want to configure two possible next-hop addresses for a particular route and have them treated differently, you can define one as a qualified next hop.

Qualified next hops allow you to associate one or more properties with a particular next-hop address. You can set an overall preference for a particular static route and then specify a different preference for the qualified next hop.

First, let’s try without qualified next-hop.

amolak@R1# set routing-options static route 1.1.0.2/32 next-hop 1.1.21.2 preference 10

[edit]
amolak@R1# commit
commit complete

[edit]
amolak@R1# exit
Exiting configuration mode

amolak@R1> show route 1.1.0.2

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.2/32 *[Static/10] 00:00:03
to 1.1.12.2 via em0.0
> to 1.1.21.2 via em1.0

It has changed the preference value to 10 for both the next-hop addresses.

Rollback this configuration. We will discuss rollback feature in some other post. In short, JunOS keeps last fifty configurations (0-49). 0 is the current configuration state number.

amolak@R1# rollback 1
load complete

[edit]
amolak@R1# show | compare
[edit routing-options static route 1.1.0.2/32]
–    next-hop [ 1.1.12.2 1.1.21.2 ];
–    preference 10;
+    next-hop 1.1.12.2;

[edit]

‘show | compare’ compares the current configuration and last committed configuration and shows the differences.

Now lets add a second static route with qualified next-hop.

amolak@R1# set routing-options static route 1.1.0.2/32 qualified-next-hop 1.1.21.2 preference 10

[edit]
amolak@R1# commit
commit complete

The router is using the routes via next-hop marked with asterisk sign.

[edit]
amolak@R1# run show route 1.1.0.2

inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.2/32 *[Static/5] 00:01:10
> to 1.1.12.2 via em0.0
[Static/10] 00:00:03
> to 1.1.21.2 via em1.0

[edit]
amolak@R1#

If we disable (admin shutdown) the interface em0, the R2′s loopback interface IP is reachable via other next-hop now.

amolak@R1# set interfaces em0 disable

[edit]
amolak@R1# commit
commit complete

[edit]
amolak@R1# run show route 1.1.0.2

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.2/32 *[Static/10] 00:01:00
> to 1.1.21.2 via em1.0

[edit]

Activate em0 interface.

amolak@R1# delete interfaces em0 disable

[edit]
amolak@R1# commit
commit complete

[edit]

amolak@R1# run show route 1.1.0.2

inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.2/32 *[Static/5] 00:00:06
> to 1.1.12.2 via em0.0
[Static/10] 00:01:23
> to 1.1.21.2 via em1.0

[edit]
amolak@R1#

Similarly, Configure R2.

[edit]
amolak@R2# set routing-options static route 1.1.0.1/32 qualified-next-hop 1.1.12.1 preference 10

[edit]
amolak@R2# commit
commit complete

[edit]
amolak@R2# run show route 1.1.0.1

inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

1.1.0.1/32 *[Static/5] 02:39:56
> to 1.1.12.1 via em0.0
[Static/10] 00:00:04
> to 1.1.12.1 via em0.0

[edit]
amolak@R2#

Final configuration on both routers.

amolak@R1> show configuration 
## Last commit: 2014-04-14 10:38:46 UTC by amolak
version 10.1R1.8;
system {
    host-name R1;
    root-authentication {
        encrypted-password "$1$EhyKZlJc$0WIdzQaoqwKSMBe92FcGy/"; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$qNdbsrlc$Ha4nBWDuB6OdNpKzXIYZX1"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;         
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.12.1/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 1.1.21.1/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 1.1.0.1/32;
            }
        }
    }
}
routing-options {
    static {
        route 1.1.0.2/32 {
            next-hop 1.1.12.2;
            qualified-next-hop 1.1.21.2 {
                preference 10;
            }
        }
    }
}

amolak@R1> 

amolak@R2> show configuration 
## Last commit: 2014-04-14 13:06:44 UTC by amolak
version 10.1R1.8;
system {
    host-name R2;
    root-authentication {
        encrypted-password "$1$2LOSmGiX$1ezYIzYSXOOfyvm15dz5S0"; ## SECRET-DATA
    }
    login {
        user amolak {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$pqvVkBia$MxnHYNRelBmY9IQ8MR.rn/"; ## SECRET-DATA
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;         
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            family inet {
                address 1.1.12.2/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 1.1.21.2/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 1.1.0.2/32;
            }
        }
    }
}
routing-options {
    static {
        route 1.1.0.1/32 {
            next-hop 1.1.12.1;
            qualified-next-hop 1.1.12.1 {
                preference 10;
            }
        }
    }
}

amolak@R2>

Amolak Networks

Stay Hungry Stay Foolish

Tag Archives: Static Route

ASA Static Route with Object Tracking

Day One with JUNOS