Routing on the Cisco ASA Firewalls
By default, Cisco ASA firewalls support routing, so they can be configured for a variety of routing scenarios. Static routes are user-defined, manually created routes that are configured on a Cisco ASA firewall with the route command.
Generally, administrators are responsible for creating a route for each network that is available in their topology. So, if a new network is added, you need to add the new route manually on each and every router. For this reason, static routes are not suitable for a large or dynamic environment.
Cisco ASA Static Route Configuration
The syntax for the static route command is as follows:
ASA(config)# route [Exit Interface] [Destination Network] [Mask] [Next Hop]
For instance, if the ASA needs to reach the 10.0.0.0/24 network, create a static route using the following command:
ASA(config)# route inside 10.0.0.0 255.255.255.0 10.2.2.1
Note: The next hop should be reachable or directly connected.
What Are Default Routes?
A default route defines a router as the default gateway for your device. When there is no entry for the destination network in the routing table, the router forwards the packet to its default router. Default routes help reduce the size of your routing table. Essentially, every default route is a static route with a special destination network and network mask, both defined as 0.0.0.0, the most general match. The syntax for a default route on the ASA firewall is:
ASA(config)# route [Exit Interface] 0.0.0.0 0.0.0.0 [Next Hop]
Cisco ASA Route Verification Commands
Use the following commands to verify the ASA route configuration:
ASA# show run route
ASA# show route
ASA# ping [IP]
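The verification step can also be done offline against saved output of show run route. The following Python script is an added example, not part of the original article or any Cisco tooling: it checks each static route for a destination that does not match its mask and for a next hop that is not directly connected on the named interface. The interface-to-subnet table and the route lines are constructed sample values.

```python
import ipaddress

# Constructed sample: interface name -> directly connected subnet (assumed values).
CONNECTED = {
    "inside": ipaddress.ip_network("10.2.2.0/24"),
    "outside": ipaddress.ip_network("203.0.113.0/30"),
}

# Constructed sample of "show run route" output (not taken from a real device).
SAMPLE = """\
route inside 10.0.0.0 255.255.255.0 10.2.2.1 1
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.0.1.5 255.255.255.0 10.2.2.1 1
route inside 10.0.3.0 255.255.255.0 192.168.9.1 1
route dmz 10.0.4.0 255.255.255.0 10.4.4.1 1
"""

def audit_routes(config, connected):
    """Return (line, problem) pairs for static routes that need review."""
    findings = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "route":
            continue  # not a static route line
        # Fields after the next hop (the trailing distance) are ignored.
        ifname, dest, mask, hop = parts[1:5]
        try:
            # strict=True rejects a destination with host bits set for its mask
            ipaddress.ip_network(f"{dest}/{mask}", strict=True)
            next_hop = ipaddress.ip_address(hop)
        except ValueError as exc:
            findings.append((line, f"bad address or mask: {exc}"))
            continue
        if ifname not in connected:
            findings.append((line, "interface name not in the connected table"))
        elif next_hop not in connected[ifname]:
            findings.append((line, "next hop is not directly connected on this interface"))
    return findings

if __name__ == "__main__":
    for line, problem in audit_routes(SAMPLE, CONNECTED):
        print(f"{problem}: {line}")
```

A next hop flagged as not directly connected is not necessarily wrong, but it is the case the note above asks you to confirm is reachable, for example with ping.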