Routing failed to locate next hop

pdesjardins1

Hello, I need a little help on this one. I have something wrong with my routing/tunnels. The tunnel between 10.13 and .77 is established. .77 can talk to 10.13... but only if .77 starts the communication.

Example: 192.168.77.1 can ping 10.13.1.112. BUT 10.13.1.122 cannot ping 77.1.

I get the error below in the log viewer.
Routing failed to locate next hop for ICMP from inside:10.13.1.112/768 to inside:192.168.77.1/0

What do I have wrong?
(please note that only tunnel 192.168.77.0 is active. All others are pending.)

5510.txt
John Meggers, Network Architect

Commented:
What peer is the 192.168.77.0 subnet connected to?  Looks like everything is going through a 209.x.x.x next-hop from the route statements, but I wonder if your ACL matches up with a crypto map statement.  I see:

access-list aclToVF extended permit ip 10.13.0.0 255.255.240.0 192.168.77.0 255.255.255.0

But I don't see a crypto map statement matching that ACL name.

--John

Author

Commented:
Sorry, rookie mistake. That running config was an old one.

For the crypto map statement I have:
crypto map crmVpnToSite 1 match address aclToVF
crypto map crmVpnToSite 1 set peer 96.x.x.x
crypto map crmVpnToSite 1 set transform-set X

You don't have to define a route for the remote network yourself... it will come automatically into the routing table of the firewall when the tunnel is up.

The crypto map that is mentioned in your comment is not present in the attached config file.

Author

Commented:
Sorry for the confusion. Here is a new running config.
5510a.txt
Resolved.

In trying to fix a hairpinning issue I had entered the line:
static (inside,inside) 192.168.77.0 192.168.77.0 netmask 255.255.255.0

Removing that line fixed my 'failed to find next hop' issue.
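
Added example, not part of the thread or any participant's post: a Python check that scans a saved running config for the condition found above, a same-interface static whose network overlaps the remote subnet of an ACL bound to a crypto map. The function name and sample config are constructed for illustration; it assumes the static and ACL syntax quoted in the thread and only plain network/mask ACL entries.

```python
import ipaddress
import re

# Constructed sample built from the three config lines quoted in the thread.
SAMPLE_CONFIG = """\
access-list aclToVF extended permit ip 10.13.0.0 255.255.240.0 192.168.77.0 255.255.255.0
crypto map crmVpnToSite 1 match address aclToVF
static (inside,inside) 192.168.77.0 192.168.77.0 netmask 255.255.255.0
"""

# Assumption: only plain "network mask" ACL entries are parsed (no host/any/object-group).
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip \S+ \S+ (\S+) (\S+)$")
MAP_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$")


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def find_conflicts(config):
    """Return (static_line, acl_name) for each same-interface static that
    overlaps the remote network of an ACL referenced by a crypto map."""
    remote_nets, vpn_acls, statics = {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            remote_nets.setdefault(m[1], []).append(net(m[2], m[3]))
        elif m := MAP_RE.match(line):
            vpn_acls.add(m[1])
        elif (m := STATIC_RE.match(line)) and m[1] == m[2]:
            # Same interface on both sides, e.g. (inside,inside).
            statics.append((line, [net(m[3], m[5]), net(m[4], m[5])]))
    conflicts = []
    for line, nets in statics:
        for acl in sorted(vpn_acls):
            if any(s.overlaps(r) for s in nets for r in remote_nets.get(acl, [])):
                conflicts.append((line, acl))
    return conflicts


if __name__ == "__main__":
    for static_line, acl in find_conflicts(SAMPLE_CONFIG):
        print(f"{static_line!r} overlaps VPN traffic selected by {acl}")
```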
