The route enable command enables user network routes (UNRs) for addresses in the NAT address pool.
The undo route enable command disables UNRs for addresses in the NAT address pool.
When an Internet user requests an address in a NAT address pool, the FW receives the request packet but cannot match the packet with the session table, and therefore forwards the packet to the router based on the default route. After the router receives the packet, it sends the packet back to the FW according to the routing table. Then, the packet is circularly forwarded between the FW and router, causing a routing loop. To prevent such a routing loop, you must configure a black-hole route.
After this command is configured, the FW generates a user network route (UNR) for addresses in the NAT address pool. This UNR, like the blackhole route, can prevent route loops and can be imported and advertised by dynamic routing protocols, such as OSPF.
If the address in the NAT address pool and outgoing interface address are in different networks, a black-hole route is required. If they are in the same network, a black-hole route is recommended.
If the address in the address pool is consistent with outgoing interface address, no routing loop will occur, and therefore no black-hole route is required.
By default, UNRs are disabled for addresses in the NAT address pool.