Dynamic Routes

Besides creating static routes manually, the Cisco Security Appliance also supports some
dynamic routing functionality. Dynamic routes are created based on routing protocols that
automatically add entries into the Security Appliance’s routing table. The Security Appliance
supports the following two different routing protocols, but only one can be active on a single
Security Appliance:
■ RIP
■ OSPF
NOTE Although you can configure the Security Appliance to generate an ARP request to
determine the destination address to which to send traffic, this configuration is not
recommended. ARP is an unauthenticated protocol, and this configuration can pose a
security risk.
Example 11-1 Output of the show route Command
pix515a# show route
intf5 0.0.0.0 0.0.0.0 10.89.141.1 1 OTHER static
inside 10.10.10.0 255.255.255.0 10.10.10.1 1 CONNECT static
inside 10.10.20.0 255.255.255.0 10.10.10.2 2 OTHER static
intf5 10.89.141.0 255.255.255.0 10.89.141.80 1 CONNECT static
intf4 172.16.1.0 255.255.255.0 172.16.1.1 1 CONNECT static
outside 192.168.10.0 255.255.255.0 192.168.10.80 1 CONNECT static
pix515a#
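The following is an added example, not code from the book: it parses the output of Example 11-1 and resolves which interface and gateway the table selects for a destination, so a reviewer can check where the default route and each next-hop route actually send traffic. The column meanings (interface, network, mask, gateway, metric, CONNECT/OTHER, origin) are read off the output and are an assumption, as are the longest-prefix-match selection rule and the helper names.

```python
import ipaddress
from typing import NamedTuple

# Output copied from Example 11-1, prompts included.
SHOW_ROUTE = """\
pix515a# show route
intf5 0.0.0.0 0.0.0.0 10.89.141.1 1 OTHER static
inside 10.10.10.0 255.255.255.0 10.10.10.1 1 CONNECT static
inside 10.10.20.0 255.255.255.0 10.10.10.2 2 OTHER static
intf5 10.89.141.0 255.255.255.0 10.89.141.80 1 CONNECT static
intf4 172.16.1.0 255.255.255.0 172.16.1.1 1 CONNECT static
outside 192.168.10.0 255.255.255.0 192.168.10.80 1 CONNECT static
pix515a#
"""

class Route(NamedTuple):
    interface: str
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    metric: int
    kind: str    # CONNECT or OTHER (assumed: directly connected vs. via a next hop)
    origin: str  # "static" in every row of Example 11-1

def parse_show_route(text):
    """Return a Route per table row; prompts and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue
        intf, net, mask, gw, metric, kind, origin = fields
        try:
            routes.append(Route(intf, ipaddress.IPv4Network(f"{net}/{mask}"),
                                ipaddress.IPv4Address(gw), int(metric), kind, origin))
        except ValueError:
            continue
    return routes

def lookup(routes, dest):
    """Longest-prefix match; the lower metric wins a tie. None if nothing matches."""
    addr = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric), default=None)

def next_hop_routes(routes):
    """Routes that depend on another device (everything not marked CONNECT)."""
    return [r for r in routes if r.kind != "CONNECT"]

if __name__ == "__main__":
    for r in next_hop_routes(parse_show_route(SHOW_ROUTE)):
        print(f"{r.network} -> {r.gateway} via {r.interface}")
```
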
NOTE You can also remove individual routes by placing the no keyword in front of the
original command used to create the static route.
The Security Appliance can learn new routes based on the RIP routing broadcasts, but the
Security Appliance does not have the functionality to propagate these learned routes to other
devices. With OSPF, the Security Appliance learns new routes, and it can also propagate that
information to other devices.