25-7
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter25 Configuring Static and Default Routes
Configuring Static and Default Routes
You can define a separate default route for tunneled traffic along with the standard default route. When
you create a default route with the tunneled option, all traffic from a tunnel terminating on the ASA that
cannot be routed using learned or static routes is sent to this route. For traffic emerging from a tunnel,
this route overrides any other configured or learned default routes.

Limitations on Configuring a Default Static Route

The following restrictions apply to default routes with the tunneled option:
Do not enable unicast RPF (ip verify reverse-path command) on the egress interface of a tunneled
route, because this setting causes the session to fail.
Do not enable TCP intercept on the egress interface of the tunneled route, because this setting causes
the session to fail.
Do not use the VoIP inspection engines (CTIQBE, H.323, GTP, MGCP, RTSP, SIP, SKINNY), the
DNS inspect engine, or the DCE RPC inspection engine with tunneled routes, because these
inspection engines ignore the tunneled route.
You cannot define more than one default route with the tunneled option.
ECMP for tunneled traffic is not supported.
To add or edit a tunneled default static route in ASDM, perform the following steps:
Step1 On the main ASDM window, choose Configuration > Device Setup > Routing > Static Routes.
Step2 Click Add or Edit.
Step3 In the Options area, choose Tunneled.
Step4 Click OK.
Configuring IPv6 Default and Static Routes
The ASA automatically routes IPv6 traffic between directly connected hosts if the interfaces to which
the hosts are attached are enabled for IPv6 and the IPv6 ACLs allow the traffic.
To add or edit a default static route in ASDM, perform the following steps:
Step1 In the main ASDM window, choose Configuration > Device Setup > Routing > Static Routes.
Step2 Click the IPv6 only radio button.
Step3 Click Add or Edit.
Step4 Click OK.