Remote VPN via the internal network

Hi All,

I have a small request.  I have a setup where the internal users within the corporate network need to remote VPN into the VPN concentrator.

The setup is as below

                            inside

(202.x.x.x)VPN ASA 5520 ----------------    FW ------------- internal network

                         ----------------

                          outside

The problem is that the 10.0.0.0/8 internal network establishes the connection via the outside interface. However, the return path is via the inside interface. But the VPN concentrator keeps showing next-hop not reachable for UDP 500. Why does it show that when it has a route via the inside interface?

6|Jan 29 2013 13:44:38|110003: Routing failed to locate next hop for udp from NP Identity Ifc:202.x.x.x..29/62465 to outside:10.163..x.x/5892

Also, since we are trying to send traffic from outside to the inside interface, I tried to NAT the source IP, i.e. 202.x.x.x, and left the source unaltered.

But it still doesn't work.

I am wondering why the ASA is not routing via the inside interface and looks for the return traffic via the same outside interface the traffic entered in.

The outside has a security-level of 0 and the inside has a sec-level of 100.

Any help would be appreciated.

If you need any config etc., please let me know.

Regards

17 Replies

I believe on the old PIX it's a bug, because I can see that we used uRPF on it as well.

ip verify reverse-path interface outside

ip verify reverse-path interface inside

Therefore it should have never worked with the routing above in my previous post.

Spot on... agree with you. It should never have worked.

Thanks Jenny
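
The reverse-path check that the `ip verify reverse-path` lines above enable, modelled in Python as an added example (not code from this thread or from Cisco): a strict uRPF lookup accepts a packet only when the route back to its source points out of the interface it arrived on. The default route via outside and the sample addresses are assumptions constructed for illustration; only the 10.0.0.0/8 route via inside comes from the post.

```python
import ipaddress

# Constructed routing table (assumption): the post only states that the
# 10.0.0.0/8 internal network is routed via the inside interface.
ROUTES = [
    ("0.0.0.0/0", "outside"),   # assumed default route
    ("10.0.0.0/8", "inside"),   # from the post: internal network via inside
]

def lookup(ip, routes=ROUTES):
    """Longest-prefix match: return the egress interface for ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def urpf_strict(src_ip, ingress_ifc, routes=ROUTES):
    """Strict reverse-path check: accept only if the route back to the
    source leaves through the interface the packet arrived on."""
    return lookup(src_ip, routes) == ingress_ifc

def classify(packets, routes=ROUTES):
    """Return (src, ingress, verdict) per packet, verdict 'pass' or 'drop'."""
    return [(s, i, "pass" if urpf_strict(s, i, routes) else "drop")
            for s, i in packets]

# Constructed sample packets: (source IP, ingress interface).
SAMPLE = [
    ("10.163.1.1", "outside"),    # internal client arriving on outside
    ("10.163.1.1", "inside"),     # same client arriving on inside
    ("198.51.100.7", "outside"),  # Internet client arriving on outside
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(*row)
```

With the check enabled on both interfaces, the internal client is accepted only when its packets arrive on inside, which is why the asymmetric path described in the question cannot pass it.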