Cisco Support Community

l2tp over ipsec asa 5505 %ASA-6-110003 error

Hi,

First of all, apologies for my lack of awareness. It's hard managing Cisco routers when you are a newbie. I am learning Cisco as far as I can.

My issue is that I'm trying to set up an L2TP over IPsec VPN connection in my company in order to provide a secure connection; however, I have not been successful so far. When I establish a connection from my home, I get this info from the ASA:

> show crypto isakmp sa:

4   IKE Peer: 188.76.164.162

    Type    : user            Role    : responder

    Rekey   : no              State   : MM_WAIT_MSG3

> Log Viewer

6          Aug 16 2013          14:11:14          110003          87.216.165.41          500          188.76.164.162          500          Routing failed to locate next hop for UDP from identity:87.216.165.41/500 to outside:188.76.164.162/500

Client OS: Windows 7/8 (services: IKE and AuthIP IPsec and IPsec Policy Agent enabled as well, Windows Firewall off)

I've tried to find out what is wrong by searching Google and forums; however, I couldn't find the solution.

Attached is my running config.

Any help is more than welcome.

Best,

Antonio

Accepted Solutions

Hi Antonio,

It is a routing problem in your ASA.

route outside-other 0.0.0.0 0.0.0.0 192.168.4.1 100

route outside-backup 0.0.0.0 0.0.0.0 192.168.0.1 200

But you terminate the VPN at the outside interface (PPPoE), which doesn't have a default route to send traffic back to the L2TP client.

Rule of thumb: have a default route on the same interface where you terminate remote-access VPN.

To make the test from (188.76.164.162) work, you can add the following route:

route outside 188.76.164.162 255.255.255.255 87.216.40.1 1

But such a specific route will not be a solution if you expect VPN users to come from different locations. A default route is needed, or alternatively you may move the crypto map to the interface which has the default route.

Regards.
Mashal Alshboul

------------------ Mashal Shboul
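
The rule of thumb from the accepted answer, as an added example (not code from the thread or from Cisco): a Python check that reads the static `route` and `crypto map ... interface` lines of an ASA config and reports whether each VPN-terminating interface has a route back to a given peer. The sample config is constructed from the routes quoted in the answer; the crypto map name `outside_map` is an assumption.

```python
import ipaddress
import re

# Constructed sample: the two default routes are quoted in the answer above;
# the crypto map name "outside_map" is an assumption for illustration.
SAMPLE_CONFIG = """\
route outside-other 0.0.0.0 0.0.0.0 192.168.4.1 100
route outside-backup 0.0.0.0 0.0.0.0 192.168.0.1 200
crypto map outside_map interface outside
"""

SP = r"[ \t]+"  # stay on one line; \s would also match newlines
ROUTE_RE = re.compile(
    rf"^route{SP}(\S+){SP}(\S+){SP}(\S+){SP}(\S+)(?:{SP}(\d+))?", re.M)
CRYPTO_RE = re.compile(rf"^crypto map{SP}(\S+){SP}interface{SP}(\S+)", re.M)


def parse_routes(config):
    """Return (interface, network, gateway, metric) for each static route."""
    routes = []
    for ifc, net, mask, gw, metric in ROUTE_RE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}")
        routes.append((ifc, network, gw, int(metric or 1)))
    return routes


def vpn_interfaces(config):
    """Interfaces that have a crypto map applied (where the VPN terminates)."""
    return [ifc for _name, ifc in CRYPTO_RE.findall(config)]


def return_route(config, ifc, peer):
    """Best static route on `ifc` covering `peer`: longest prefix, then
    lowest metric. None means replies to the peer cannot leave via `ifc`."""
    peer = ipaddress.ip_address(peer)
    hits = [r for r in parse_routes(config) if r[0] == ifc and peer in r[1]]
    return max(hits, key=lambda r: (r[1].prefixlen, -r[3]), default=None)


def check(config, peer):
    """Map each VPN-terminating interface to its return route for `peer`."""
    return {ifc: return_route(config, ifc, peer) for ifc in vpn_interfaces(config)}


if __name__ == "__main__":
    for ifc, route in check(SAMPLE_CONFIG, "188.76.164.162").items():
        print(ifc, "->", route or "no route to peer (expect %ASA-6-110003)")
```

Only static `route` lines are examined, so a default route that the interface learns dynamically would not be seen by this check; compare against `show route` on the device.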