Invalid next hop address, it belongs to one of our interfaces

bjoern.sommer · ‎05-10-2017

Hello Cisco-Experts

I have a simple Problem :

[ERROR] route inside 0.0.0.0 0.0.0.0 192.168.1.1 tunneled
%Invalid next hop address, it belongs to one of our interfaces

Routing Now:

outside

0.0.0.0

89.246.xx.xx

1

None

192.168.1.1 = ASA-Router

I have Setup VPN-SSL and its working

I want tunnel all traffic over VPN (no Split tunnling) for that i need a static route:

route inside 0.0.0.0 0.0.0.0 192.168.1.1 tunneled

But the ASDM say: %Invalid next hop address, it belongs to one of our interfaces

But why ?

THX for any help

cofee · ‎05-10-2017

Who owns 192.168.1.1? Just make sure next hop address is not configured on the firewall that's giving you error.

bjoern.sommer · ‎05-10-2017

ok I understand so i must do this

route inside 0.0.0.0 0.0.0.0 89.246.xx.xx tunneled

but than he say :

You have another route configure for this network any4 which has same gateway. ....

The other one is :

outside

0.0.0.0

89.246.xx.xx

1

None

But i need both routes.

What can i do ?

cofee · ‎05-10-2017

Please explain what you are trying to accomplish and how your network is set up. A small drawing will help, just want to see what the traffic flow is.

vivek srivastava · ‎05-10-2017

I hope you must have a switch/router connected to inside interface of the ASA and that device is acting as gateway to your internal network. If that's true then use below:

route inside 0.0.0.0 0.0.0.0 192.168.1.x tunneled

here 192.168.1.x should be the IP address of the switch/router Layer-3 interface which is directly connected to ASA. The error which you are getting is because you use ASA's interface IP (192.168.1.1) as next-hop

vivek srivastava · ‎05-15-2017

is it resolved ?