11-03-2015 08:28 AM - edited 03-11-2019 11:49 PM
Odd problem when configuring SLA on an ASA, i keep getting route lookup failure when trying to ping an remote host across an IPSEC tunnel. I've tried the below utilizing both the inside and outside interfaces but both fail. The ping from the ASA is successful which is confusing. I've masked the IP's.
sla monitor 1
type echo protocol ipIcmpEcho x.x.x.x interface outside
frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho x.x.x.x interface inside
frequency 5
sla monitor schedule 2 life forever start-time now
%ASA-6-110003: Routing failed to locate next hop for icmp from NP Identity Ifc:x.x.x.x/0(inside interface of ASA) to inside:x.x.x.x/0(remote system i'm trying to ping)
Successful ping:
FW01# ping inside x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/44/50 ms
Thoughts or suggestions would be appreciated.
11-07-2015 07:48 AM
Hi Darren,
Could you please share the output of 'show route' and 'show run route',
Regards,
Akshay Rastogi
11-09-2015 06:56 AM
Issue has been resolved.
I had to add the remote FW IP as interesting traffic which worked.
Thanks.
11-19-2018 04:31 AM
Hello Darren,
I have an exatly same issue so could i ask you to clarify what does it mean that you add remote FW ip as interesting traffic?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide