
Remote VPN via the internal network

Kishore Chennupati
Rising star

Hi All,

I have a small request.  I have a setup where the internal users within the corporate network need to remote VPN into the VPN concentrator.

The setup is as below


(202.x.x.x)VPN ASA 5520 ----------------    FW ------------- internal network



The problem is that the internal network establishes the connection via the outside interface. However, the return path is via the inside interface. But the VPN concentrator keeps showing next-hop not reachable for UDP 500. Why does it show that when it has a route via the inside interface?

6|Jan 29 2013 13:44:38|110003: Routing failed to locate next hop for udp from NP Identity Ifc:202.x.x.x..29/62465 to outside:10.163..x.x/5892

Also, since we are trying to send traffic from outside to the inside interface, I tried to NAT the source IP, i.e. 202.x.x.x, and left the source unaltered.

But it still doesn't work.

I am wondering why the ASA is not routing via the inside interface and looks for the return traffic via the same outside interface the traffic entered in.

The outside has a security-level of 0 and the inside has a sec-level of 100.

Any help would be appreciated.

If you need any config etc., please let me know.


17 Replies

I believe on the old PIX it's a bug, because I can see that we used uRPF on it as well.

ip verify reverse-path interface outside

ip verify reverse-path interface inside

Therefore it should have never worked with the routing above in my prev post.

Spot on... agree with you. It should never have worked.

Thanks Jenny
