mike18

Routing failed to locate next hop

Hi Everyone,

Here is the setup:

Cisco fw1----Ext-------------Inside -------Mcafee ------External

The Cisco switch is connected to the external interface of the firewall.

I can ping it from the McAfee firewall.

But when I try to connect via SSH to the switch connected to the external interface of the McAfee firewall, it says

30

Routing failed to locate next hop for TCP from Inside :192.168.50.1/22 to Inside :172.30.50.1

Regards

Mike

1 Solution

Accepted Solutions
PhilM

Re: Routing failed to locate next hop

I'm not 100% sure of your diagram (does the presence of two externals - "Ext" and "External" mean there are two Firewalls here?), but it would suggest that there may well be a routing issue, but not necessarily with McAfee Firewall.

  • Does the source host have an explicit route or default gateway that would route traffic for the destination network via the internal IP address of the 1st Firewall?
  • Does that first Firewall have an explicit route or default gateway that would route traffic for the destination network via the internal IP address of the McAfee Firewall?
  • If the traffic passing through the 1st Firewall is not having source NAT applied (retaining the original source IP address), is there a static route present on the McAfee Firewall that would route traffic for the source host's subnet back via the "external" address of the 1st Firewall?

If any one of the above questions is answered "no", and assuming there is an appropriate SSH rule allowing this traffic to pass through each Firewall, then this is why the connection attempt is failing.

-Phil.

2 Replies
mike18

Re: Routing failed to locate next hop

Hi Phil,

You were spot on, it was a routing issue with the switch. It has no route back to the McAfee firewall.

I added the route to the switch and all worked fine.

Regards

Mike
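
The forward-and-return route check from Phil's list, and the missing return route Mike found on the switch, as an added example that is not part of the original thread. The device names, prefixes and neighbour relationships are a constructed topology (assumptions); only the addresses 192.168.50.1 and 172.30.50.1 come from the posts.

```python
import ipaddress

# Constructed topology (assumption): client - fw1 - mcafee - switch.
# Only the two addresses below appear in the thread.
OWNER = {"192.168.50.1": "client", "172.30.50.1": "switch"}

def make_tables(switch_has_return_route):
    """Per-device routing tables: prefix -> neighbouring device (hypothetical)."""
    tables = {
        "client": {"0.0.0.0/0": "fw1"},
        "fw1": {"192.168.50.0/24": "client", "172.30.50.0/24": "mcafee"},
        "mcafee": {"192.168.50.0/24": "fw1", "172.30.50.0/24": "switch"},
        "switch": {},  # no default gateway and no route to the client subnet
    }
    if switch_has_return_route:
        tables["switch"]["192.168.50.0/24"] = "mcafee"
    return tables

def next_hop(table, dst):
    """Longest-prefix match; returns the neighbour name, or None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table.items()]
    matches = [(n, nh) for n, nh in nets if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, src, dst, max_hops=16):
    """Walk hop by hop; returns (reached, path). On failure the last
    device in path is the one that could not locate a next hop."""
    node = OWNER[src]
    path = [node]
    for _ in range(max_hops):
        if node == OWNER[dst]:
            return True, path
        node = next_hop(tables[node], dst)
        if node is None:
            return False, path
        path.append(node)
    return False, path  # hop limit reached: routing loop

def check_session(tables, src, dst):
    """A TCP session needs a working path in both directions."""
    return {"forward": trace(tables, src, dst), "return": trace(tables, dst, src)}

if __name__ == "__main__":
    for fixed in (False, True):
        print("return route on switch:", fixed,
              check_session(make_tables(fixed), "192.168.50.1", "172.30.50.1"))
```
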
