Basic Routing to the Internet
The ASA needs to know how to forward traffic. Just like a router, ASAs can learn routes via dynamic routing protocols (interior gateway protocols [IGP] not Border Gateway Protocol [BGP]) from directly connected networks (which an ASA knows how to reach because it is directly connected) or default routes. If you want to look at or modify the routing table on the ASA, navigate to Configuration > Device Setup > Routing. From this location, you can view or manage static routes and dynamic routing protocols. If you want to add a static route such as a default route, you do that by clicking the Static Routes link and then clicking the Add button. From there, you use the drop-down menu to choose the interface where you are going to add this route. (This means the interface closest to the next hop where traffic will flow out of this interface to reach the destination network.) Figure 16-12 shows adding a static default route.
The default gateway IP address (for use by the ASA) is the IP address of your service provider that is giving you access to the Internet. After you click OK and then Apply, the changes are sent to the ASA. Example 16-6 shows the CLI equivalent for these commands.
Example 16-6 CLI Equivalent for Adding a Static Route
! this tells the ASA that the default route will use the next hop of
! 23.1.2.7
! which is located off of the outside interface (on that same subnet)
ASA1(config)# route outside 0.0.0.0 0.0.0.0 23.1.2.7
