000017543 - How to add static route in RSA Authentication Manager AM 8.0 or 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Nov 30, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000017543
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform: SUSE Enterprise Linux
O/S Version: 11 Service Pack 3
IssueHow to add static route in RSA Authentication Manager AM 8.0 or 8.1
The static routes added by command "route add" don't work.
ResolutionThe static routes need to be added into both /etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-eth0 (and/or /etc/sysconfig/network/ifroute-eth1 if the second NIC is enabled in AM 8.0/8.1) files. Then "service network restart".

The entries in the routing configuration files look like this:


To omit GATEWAY, NETMASK, PREFIXLEN, or INTERFACE, write - instead. The entries TYPE and OPTIONS may just be omitted.

  • The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or hostname.

  • The second column contains the default gateway or a gateway through which a host or a network can be accessed.

  • The third column contains the netmask for networks or hosts behind a gateway. The mask is, for example, for a host behind a gateway.

  • The last column is only relevant for networks connected to the local host such as loopback, ethernet, ISDN, PPP, and dummy device. The device name must be entered here.

The entries in the routing configuration files look like this:

# Destination     Dummy/Gateway     Netmask            Device       lo       eth0 

default             eth0    eth1        eth1

WorkaroundThe AM 8.1.1 Admin Guide gives slightly different method to add static route, with Teth0 table or corresponding Table
Here is a synopsis example of what the manual says to do;
NotesPri =
DefGW =
remote net =
remote net GW = 
all net masks =
sudo bash -c "echo ' eth0' >> /etc/sysconfig/network/ifroute-eth0"
sudo bash -c "echo ' eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0 table Teth0"
sudo service network restart
Note: it appears that the table Teth0 entry is used by Java applications such as openssl and Authentication Manager because if you only configure the first entry without the table Teth0, commands like ping will use the static route while java applications like openssl and AM will use the default route.  This will be very confusing 
Errors received: "RTNETLINK answers: Invalid argument" is received if the bit in the IP address is not zero where the network mask is zero.
Example: NETMASK= with DESTINATION ADDRESS= The "108" in the address needs to be replaced with 0 or replace the network mask with
Legacy Article IDa67015