Cisco ASA 5510, Two Inside Networks, Routing Error

Posted on 2012-08-13
Last Modified: 2012-08-14
Hey all,

Well I'm a bit perplexed by this probably easy issue (easy when you know how to fix it, I guess...)

I need to have another interface acting like a second inside subnet.  When I try to access inside hosts on the secondary inside subnet from the outside, I get a routing error:

%ASA-6-110003: Routing failed to locate next-hop for protocol from src
interface:src IP/src port to dest interface:dest IP/dest port

Actual log entry: 6      Aug 13 2012      14:48:30      110003      x.x.123.232      59147      10.2.x.x      22      Routing failed to locate next hop for TCP from outside: x.x.123.232/59147 to inside:10.2.x.x/22

I dont care about accessing the actual inside to inside subnets as I know that is probably just a NAT statement between the two subnets (I think).  I am hoping its that simple with OUTSIDE to (secondary) INSIDE.


interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 200.x.x.x
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.x
interface Ethernet0/2
 nameif aosoft
 security-level 100
 ip address 10.2.2.x

object network ITMS_VLAN

object network AOSOFT_VLAN

object network AOSOFT_DRAC_1

access-list outside_access_in extended permit tcp any object ITMS_Exchange object-group smtp
access-list outside_access_in extended permit tcp any object AOSOFT_DRAC_1 object-group tftp

object network ITMS_Exchange
 nat (inside,outside) static 200.x.x.1

object network AOSOFT_DRAC_1
 nat (inside,outside) static 200.x.x.2

object network ANY
 nat (inside,outside) dynamic interface

access-group outside_access_in in interface outside

route outside 200.x.x.x 1


Hopefully this makes sense....
Question by:joshuadway
    LVL 25

    Accepted Solution

    your secondary interface has a name of aosoft but doesn't have any nat statements associated with it for inside or outside.  once those are created and the appropriate ACLs are in place that is all you need to be good
    LVL 1

    Author Closing Comment

    GOOOD GRIEF!!!  I should just hang this up!!!  This is the second NOOB mistake I have made this month!!  

    Thank you!!!  That fixed everything!!!
    LVL 25

    Expert Comment

    LOL.  Well maybe not hang it up, but definitely take a break.  Trust me, that happens to everyone at some point.  Just staring at it so long your brain just puts stuff in there so you see things that aren't really there.  :)
    LVL 1

    Author Comment

    Haha!!  Totally!!  

    And that's exactly what was happening...  I had to walk an old guy through the initial changes over the PHONE...  in phonetics!!  I was certainly burnt out by the time I had control...

    Thanks again!!  All is running nice and smooth...  I'm glad my config did't have to get complicated.  I love clean!  :D

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now