Solved: If the error message is that

dave dave · ‎06-09-2014

internet<ASA<Internal LAN>Global WAN MPLS to other sites

hi! We've the setup above in our environment. The ASA box is used to establish tunnel to our HQ if the WAN MPLS is down.

I've issue managing the ASA box from network (internal LAN from other sites) other than the local internal network. I can ping the ASA internal interface from other sites, but when i try to ssh or use the ASDM to manage it, i see that there's a msg "routing failed to locate next hop for TCP from inside xxxx to inside xxxx. There's no FW between the sites (thru Global WAN MPLS). I can ping each other between the sites, and ssh/asdm mgt + acl to allow local + global lan have been added.

I also noticed that i can't ping other sites from the ASA cli. I can only Ping IP ranges configured as static route in the inside interface of the ASA box.

From what i see, everything works fine, it's just that i'm not able to manage the ASA box from other sites.

What could be the issue here?

Thx

Richard Burts · ‎06-09-2014

If the error message is that the ASA could not find a route then it sure does sound like a routing issue. My first suggestion would be to look at the error message, take the destination address from the message and check to see if the ASA has a route to that address (and make sure that the route goes through the inside interface since the error message indicates that it thinks that the destination is inside)

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎06-09-2014

If the error message is that the ASA could not find a route then it sure does sound like a routing issue. My first suggestion would be to look at the error message, take the destination address from the message and check to see if the ASA has a route to that address (and make sure that the route goes through the inside interface since the error message indicates that it thinks that the destination is inside)

HTH

Rick

HTH

Rick

asa mgt issue