I get the following message when I try to connect a remote VPN client to the Cisco ASA 5505 FW:
Routing failed to locate next hop for udp from NP Identity Ifc: a.b.c.d/xyz to outside:192.168.1.141/xyz
The 192.168.1.141 is my inside IP address of the client machine. That machine is connected to the internet via a DSL router. The a.b.c.d IP address is the address of the outside interface of my host end firewall. I am statically routing on the ASA. When I debug the crypto isakmp, I get landed on the tunnel_group correctly. It is as if the response packet from the ASA can not get back to the client.
Re: Routing failed to locate next hop for UDP from NP Identity
10 years 3 months ago #28481
I got the same error Routing failed to locate next hop for udp from NP Identity and saw this post. I had made significant interfaces changes, including a change to the management interface which caused the error to show up. I had to create a new self-signed certificate, but still saw the error. I started to follow the Cisco recommended course of collecting the "show asp table routing" in preparation for opening up a ticket with TAC. I decided to first search the configuration for the IP address listed in the error, but came up with nothing. I then searched for the first 3 octets of the address in the config and discovered an ntp server command that used an ntp server located on the network reported in the error message and configured to use the Management interface. I updated the ntp command with the correct settings and the error stopped.