[c-nsp] ASA PAT question
Hemal Shah
purvi.hemal at gmail.com
Mon Apr 23 10:54:26 EDT 2012
Hi All,
Today I tested a MessageLabs rule using packet tracer on an ASA 5510 running
version 8.4(2):
Packet tracer rule:
[attached image: image001.png]
Here is the debug error output from ASDM:
Explanation:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse
flows; Connection protocol src interface_name:source_address/source_port
[(idfw_user)] dst interface_name:dst_address/dst_port [(idfw_user)] denied
due to NAT reverse path failure
Recommended Action :
When not on the same interface as the host using NAT, use the mapped
address instead of the actual address to connect to the host. In addition,
enable the inspect command if the application embeds the IP address.
Details:
Asymmetric NAT rules matched for forward and reverse flows; Connection for
tcp src OUTSIDE:117.120.16.1/1065 dst INSIDE:10.1.1.197/25 denied due to
NAT reverse path failure
Has anybody come across a similar problem?
Thanks
Hemal
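
Added example, not part of the original message: a Python parser that pulls the fields of the %ASA-5-305013 message quoted above out of collected syslog text, tolerating the line wrapping seen in the e-mail, and counts denied flows per destination. The function names and the second sample event are assumptions constructed for illustration; it covers IPv4 tcp/udp events only.

```python
import ipaddress
import re
from collections import Counter

# IPv4 tcp/udp form of the message; the "(idfw_user)" parts are optional.
PATTERN = re.compile(
    r"%ASA-\d-305013: Asymmetric NAT rules matched for forward and reverse "
    r"flows; Connection (?:for )?(?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
    r"(?: ?\((?P<src_user>[^)]*)\))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
    r"(?: ?\((?P<dst_user>[^)]*)\))? "
    r"denied due to NAT reverse path failure"
)

def parse_305013(text):
    """Return one dict per 305013 event found in text (wrapped lines allowed)."""
    flat = " ".join(text.split())  # undo mail/terminal line wrapping
    events = []
    for m in PATTERN.finditer(flat):
        ev = m.groupdict()
        ev["src_port"] = int(ev["src_port"])
        ev["dst_port"] = int(ev["dst_port"])
        # Fact about the logged address only; whether it is the real or the
        # mapped address has to be checked against the NAT configuration.
        ev["dst_is_private"] = ipaddress.ip_address(ev["dst_ip"]).is_private
        events.append(ev)
    return events

def summarize(events):
    """Count denied flows per (dst interface, dst address, dst port)."""
    return Counter((e["dst_if"], e["dst_ip"], e["dst_port"]) for e in events)

# Constructed sample: the first event is the line from the post, wrapped as in
# the e-mail; the second is invented and uses documentation addresses.
SAMPLE = """\
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for
tcp src OUTSIDE:117.120.16.1/1065 dst INSIDE:10.1.1.197/25 denied due to
NAT reverse path failure
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src OUTSIDE:203.0.113.7/40000(alice) dst DMZ:192.0.2.10/53 denied due to NAT reverse path failure
"""

if __name__ == "__main__":
    for key, count in summarize(parse_305013(SAMPLE)).items():
        print(count, *key)
```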