Cisco Bug: CSCsg39338 - to-the-box traffic from a higher metric route Int dropped for no route.
Apr 22, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
7.2 8.0(4) 8.2(2)
Symptom: Traffic destined TO the ASA fails with a route lookup problem. Traffic THROUGH the ASA works fine. The diagnostic message is:

%ASA-6-110003: Routing failed to locate next hop for TCP from out2:172.16.2.100/23 to out2:172.16.11.2/2514

or

%ASA-6-110003: Routing failed to locate next hop for udp from NP Identity Ifc:172.16.2.100/62465 to out2:172.16.11.2/53257

depending on the ASA version, configuration and protocol being used.

Conditions: A default gateway is configured on one interface, and a second default gateway with a higher metric is configured on another interface. A client connects to the ASA's second interface via ssh, telnet, VPN, etc. Depending on the ASA software version and other conditions, some of the protocols may work and some may not, but this is not a supported configuration anyway. This problem did not happen in PIX 6.3. It was first noticed on ASA 7.x.
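A triage sketch for the two %ASA-6-110003 forms quoted above, added here as an example and not taken from Cisco's bug record: it parses the message and flags entries whose source interface is NP Identity Ifc or is the same as the destination interface. Treating those two patterns as to-the-box failures is an assumption drawn from the page's two samples; the function names and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Both message forms quoted in the bug text share this layout.
MSG_110003 = re.compile(
    r"%ASA-6-110003: Routing failed to locate next hop for (?P<proto>\S+) "
    r"from (?P<src_if>.+?):(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<src_port>\d+) "
    r"to (?P<dst_if>.+?):(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<dst_port>\d+)"
)

# First two lines are the messages from the page; the last two are constructed.
SAMPLE = [
    "%ASA-6-110003: Routing failed to locate next hop for TCP from out2:172.16.2.100/23 to out2:172.16.11.2/2514",
    "%ASA-6-110003: Routing failed to locate next hop for udp from NP Identity Ifc:172.16.2.100/62465 to out2:172.16.11.2/53257",
    "%ASA-6-110003: Routing failed to locate next hop for ICMP from inside:10.1.1.5/0 to outside:192.0.2.9/0",
    "%ASA-6-302013: Built inbound TCP connection 12 for outside:192.0.2.9/40000 (192.0.2.9/40000) to inside:10.1.1.5/22 (10.1.1.5/22)",
]

def classify(line):
    """Parse one syslog line; return a dict with a 'kind' field, or None if not 110003."""
    m = MSG_110003.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].lower()
    # Assumption from the page's samples: the ASA's own reply shows up either with
    # the identity interface as source, or with source and destination interface equal.
    if rec["src_if"] == "NP Identity Ifc":
        rec["kind"] = "identity-ifc"
    elif rec["src_if"] == rec["dst_if"]:
        rec["kind"] = "same-ifc"
    else:
        rec["kind"] = "other"
    return rec

def summarize(lines):
    """Count suspected to-the-box failures per (egress interface, peer IP)."""
    hits = Counter()
    for line in lines:
        rec = classify(line)
        if rec and rec["kind"] != "other":
            hits[(rec["dst_if"], rec["dst_ip"])] += 1
    return hits

if __name__ == "__main__":
    for (ifc, peer), n in summarize(SAMPLE).items():
        print(f"{ifc} peer {peer}: {n} suspected to-the-box route failures")
```

A peer that appears repeatedly on the interface holding the higher-metric default route matches the conditions described above.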