21-5
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter21 Routing Overview
Supported Internet Protocols for Routing
a level 6 syslog message 110001 generated (no route to host), even if there is another route for a given
destination network that belongs to a different egress interface. If the route that belongs to a selected
egress interface is found, the packet is forwarded to the corresponding next hop.
Load sharing on the ASA is possible only for multiple next hops available using a single egress interface.
Load sharing cannot share multiple egress interfaces.
If dynamic routing is in use on the ASA and the route table changes after XLATE creation (for example,
route flap), then destination translated traffic is still forwarded using the old XLATE, not via the route
table, until XLATE times out. It may be either forwarded to the wrong interface or dropped with a level
6 syslog message 110001 generated (no route to host), if the old route was removed from the old
interface and attached to another one by the routing process.
The same problem may happen when there are no route flaps on the ASA itself, but some routing process
is flapping around it, sending source-translated packets that belong to the same flow through the ASA
using different interfaces. Destination-translated return packets may be forwarded back using the wrong
egress interface.
This issue has a high probability in some security traffic configurations, where virtually any traffic may
be either source-translated or destination-translated, depending on the direction of the initial packet in
the flow. When this issue occurs after a route flap, it can be resolved manually by using the clear xlate
command, or automatically resolved by an XLATE timeout. The XLATE timeout may be decreased if
necessary. To ensure that this issue rarely occurs, make sure that there are no route flaps on the ASA and
around it. That is, ensure that destination-translated packets that belong to the same flow are always
forwarded the same way through the ASA.
Supported Internet Protocols for Routing
The ASA supports several Internet protocols for routing. Each protocol is briefly described in this
section.
Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP provides compatibility and seamless interoperation with IGRP routers. An
automatic-redistribution mechanism allows IGRP routes to be imported into Enhanced IGRP, and
vice versa, so it is possible to add Enhanced IGRP gradually into an existing IGRP network.
For more information about configuring EIGRP, see the “Configuring EIGRP” section on page 27-3.
Open Shortest Path First (OSPF)
Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP) networks
by the interior gateway protocol (IGP) working group of the Internet Engineering Task Force
(IETF). OSPF uses a link-state algorithm to build and calculate the shortest path to all known
destinations. Each router in an OSPF area includes an identical link-state database, which is a list
of each of the router usable interfaces and reachable neighbors.
For more information about configuring OSPF, see the “Configuring OSPF” section on page24-3.
Routing Information Protocol
The Routing Information Protocol (RIP) is a distance-vector protocol that uses hop count as its
metric. RIP is widely used for routing traffic in the global Internet and is an interior gateway
protocol (IGP), which means that it performs routing within a single autonomous system.
For more information about configuring RIP, see the “Configuring RIP” section on page25-4.