08-18-2008 08:58 AM
I have an ASA 505 all have an ACL in place to allow the management net xxx.xxx. 21.0 0.0.0.255 to ping any computer on the inside of the ASA. Now when I send a ping request it asa gives me the following response.
"Routing failed to locate next hop for icmp from inside 10.xx.180.1/o to xx.xxx.21.60
I have a gateway of last resort set staticlly as
S* 0.0.0.0 0.0.0.0 [1/0] via xxx.xxx.120.125, outside.
My ACl seems to be working
6 Aug 18 2008 11:42:36 302020 xxx.xxx.21.60 10.xxx.180.1 Built inbound ICMP connection for faddr xxx.xx.21.60/768 gaddr 10.xxx.180.1/0 laddr 10.xxx.180.1/0
Any help would be great.
Thanks
mike
08-18-2008 09:40 AM
Mike,
From the management network side if you are trying to access something on the inside, then you would need to have some kind of translation & permission depending on the security levels of the interface.
Do you have them?
Gilbert
08-18-2008 09:42 AM
Mike,
If you do have them, then are you permitting on the ACL to allow the ICMP packet.
Its hard to say without seeing the configs.
Would it be possible if you could get the section of the config, pasted.
Gilbert
08-18-2008 10:32 AM
Here is my config.
The ITS_MGT subnet is xxx.xxx.21.0
ACL is in place to allow ping. Just can't seem to rout response out of ASA.
error again is.
6 Aug 18 2008 13:29:03 110003 10.xx.180.1 xxx.xx.21.60 Routing failed to locate next hop for icmp from inside:10.xx.180.1/0 to inside:xxx.xx.21.60/0
thanks
mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: