firewall-asa(config)# no route INSIDE 192.168.0.0 255.255.255.0 172.16.0.254
ERROR: Cannot remove connected route
firewall-asa(config)#
The above error occurs when you try to route a directly connected interface to another subnet. To remove this route, you need to shut down the interface, then remove the route.
For example, if you...Read More »
The normal commands to show configuration items don’t work as expected for sysopt.
asa/pri/act# sh run sysopt
asa/pri/act#
asa/pri/act# sh run | include sysopt
asa/pri/act#
asa/pri/act# more system:running-config | include sysopt
asa/pri/act#
You need to use the “show run all sysopt” command.
asa/pri/act# show run all sysopt
no sysopt connection timewait
sysopt connection...Read More »
Never specify anything other than IP (such as TCP or UDP) when creating an ACL on the ASA that is used within a NAT statement. If you do, you may get this error:
ERROR: ACE contains port, protocol, or deny. Removing NAT configuration
The above means that all of your NAT...Read More »
Why does packet-tracer sometimes work when used within a multi-context environment, but sometimes not? Its success can seem rather random, but it is actually quite predictable once you know why it fails when it does.
Packet-tracer simulates a packet arriving on an interface, and the internal...Read More »