Cisco Bug: CSCsg39338 - to-the-box traffic from a higher metric route Int dropped for no route.

Last Modified

Mar 03, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

7.2, 8.0(4), 8.2(2)

Description (partial)

Symptom:

Traffic destined TO the ASA fails with a route lookup problem. Traffic THROUGH the ASA works fine. The diagnostic message is:

%ASA-6-110003: Routing failed to locate next hop for TCP from out2:172.16.2.100/23 to out2:172.16.11.2/2514

or

%ASA-6-110003: Routing failed to locate next hop for udp from NP Identity Ifc:172.16.2.100/62465 to out2:172.16.11.2/53257

depending on the ASA version, configuration and protocol being used.

Conditions:

A default gateway is configured on one interface, and a second default gateway is configured on another interface with a higher metric. A client connects to the ASA's second interface via SSH, Telnet, VPN, etc. Depending on the ASA software version and other conditions, some protocols may work and others may not, but this is not a supported configuration anyway.

This problem did not happen in PIX 6.3. It was first noticed on ASA 7.x.
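To check whether a device is logging this symptom, the following added example (not Cisco code) parses %ASA-6-110003 messages and counts the ones shaped like the two quoted above: the source interface is `NP Identity Ifc`, or the source and destination interface names are identical. Treating those two shapes as the to-the-box signature is an assumption drawn only from the two messages on this page; the last two sample lines are constructed.

```python
import re
from collections import Counter

# Interface names can contain spaces ("NP Identity Ifc"), so match lazily up to ":<ipv4>/".
MSG = re.compile(
    r"%ASA-6-110003: Routing failed to locate next hop for (?P<proto>\S+) "
    r"from (?P<src_if>.+?):(?P<src_ip>\d+(?:\.\d+){3})/(?P<src_port>\d+) "
    r"to (?P<dst_if>.+?):(?P<dst_ip>\d+(?:\.\d+){3})/(?P<dst_port>\d+)"
)
IDENTITY_IFC = "NP Identity Ifc"  # interface name as it appears in the second message
SAMPLE = [
    # The two messages quoted in the bug text.
    "%ASA-6-110003: Routing failed to locate next hop for TCP from out2:172.16.2.100/23 to out2:172.16.11.2/2514",
    "%ASA-6-110003: Routing failed to locate next hop for udp from NP Identity Ifc:172.16.2.100/62465 to out2:172.16.11.2/53257",
    # Constructed lines: a 110003 between two different interfaces, and an unrelated message.
    "%ASA-6-110003: Routing failed to locate next hop for TCP from inside:10.0.0.5/40000 to outside:192.0.2.10/443",
    "%ASA-6-302013: Built inbound TCP connection 7 for out2:172.16.11.2/2514 (172.16.11.2/2514) to identity:172.16.2.100/23 (172.16.2.100/23)",
]


def classify(line):
    """Return the parsed fields of a 110003 line plus a 'kind', or None for other lines."""
    m = MSG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].lower()  # the ASA logs "TCP" and "udp" inconsistently
    # Assumption: these two shapes (taken from the bug text) mark to-the-box failures.
    if IDENTITY_IFC in (rec["src_if"], rec["dst_if"]):
        rec["kind"] = "identity-ifc"
    elif rec["src_if"] == rec["dst_if"]:
        rec["kind"] = "same-ifc"
    else:
        rec["kind"] = "other"
    return rec


def summarize(lines):
    """Count matching failures per (egress interface, destination the ASA could not route to)."""
    hits = Counter()
    for line in lines:
        rec = classify(line)
        if rec and rec["kind"] != "other":
            hits[(rec["dst_if"], rec["dst_ip"])] += 1
    return hits


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Repeated hits for a client behind the interface that holds the higher-metric default route match the condition described above.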

Related Community Discussions

Remote Access VPN - IPSec
Hi Support Community, I have an ASA with dual ISP (gig0/0 and gig0/1) and gig0/1 has a default route with admin distance of 254 for backup purpose. I just created Cisco Anyconnect on the ASA using the wizard and I can connect to both interfaces. The IPSec tunnel configuration is also there and I tried creating an IPSec VPN entry on the with my iPhone and I can connect to gig0/0 or gig0/1 if gig0/0 is shut down. But I can't connect to gig0/1 if gig0/0 is up. When I run "show crypto isa sa", I get ...
Latest activity: Mar 18, 2016