000017543 - How to add static route in RSA Authentication Manager AM 8.0 or 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017543
Applies ToRSA Authentication Manager (AM) 8.0 or 8.1
IssueHow to add static route in RSA Authentication Manager AM 8.0 or 8.1
The static routes added by command "route add" don't work.
ResolutionThe static routes need to be added into both /etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-eth0 (and/or /etc/sysconfig/network/ifroute-eth1 if the second NIC is enabled in AM 8.0/8.1) files. Then "service network restart".

The entries in the routing configuration files look like this:


 DESTINATION           GATEWAY NETMASK   INTERFACE [ TYPE ] [ OPTIONS ] DESTINATION           GATEWAY PREFIXLEN INTERFACE [ TYPE ] [ OPTIONS ] DESTINATION/PREFIXLEN GATEWAY -         INTERFACE [ TYPE ] [ OPTIONS ]  

To omit GATEWAY, NETMASK, PREFIXLEN, or INTERFACE, write - instead. The entries TYPE and OPTIONS may just be omitted.




  • The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or host name.



  • The second column contains the default gateway or a gateway through which a host or a network can be accessed.



  • The third column contains the netmask for networks or hosts behind a gateway. The mask is 255.255.255.255, for example, for a host behind a gateway.



  • The last column is only relevant for networks connected to the local host such as loopback, ethernet, ISDN, PPP, and dummy device. The device name must be entered here.



The entries in the routing configuration files look like this:


 # Destination     Dummy/Gateway     Netmask            Device  


 127.0.0.0         0.0.0.0           255.255.255.0      lo  

 204.127.235.0     0.0.0.0           255.255.255.0      eth0  

 default           204.127.235.41    0.0.0.0            eth0  

 207.68.156.51     207.68.145.45     255.255.255.255    eth1  

 192.168.0.0       207.68.156.51     255.255.0.0        eth1 

https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_basicnet_manconf.html
WorkaroundThe AM 8.1.1 Admin Guide gives slightly different method to add static route, with Teth0 table or corresponding Table
Here is a synopsis example of what the manual says to do;
 
NotesPri = 192.168.1.84
DefGW = 192.168.1.61
remote net = 10.53.69.0
remote net GW = 192.168.1.92 
all net masks = 255.255.255.0
sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0' >> /etc/sysconfig/network/ifroute-eth0"
sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0 table Teth0"
sudo service network restart
Note: it appears that the  table Teth0 entry is used by Java applications such as openssl and Authentication Manager, because if you only configure the first entry without the table Teth0, commands like ping will use the static route while java applications like openssl and AM will use the default route.  This will be very confusing 
Legacy Article IDa67015

Attachments

    Outcomes