# packet-tracer input internet_outside icmp 172.16.95.181 0 0 192.168.3.200 detailed Phase: 1 Type: CAPTURE Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb77c05e50, priority=13, domain=capture, deny=false hits=191014579, user_data=0x7ffb7d865a50, cs_id=0x0, l3_type=0x0 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0000.0000.0000 input_ifc=internet_outside, output_ifc=any Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb77b64b40, priority=1, domain=permit, deny=false hits=459130805, user_data=0x0, cs_id=0x0, l3_type=0x8 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0100.0000.0000 input_ifc=internet_outside, output_ifc=any Phase: 3 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop 192.168.3.200 using egress ifc inside Phase: 4 Type: UN-NAT Subtype: static Result: ALLOW Config: nat (inside,internet_outside) source static any any destination static NETWORK_OBJ_172.16.95.0_24 NETWORK_OBJ_172.16.95.0_24 no-proxy-arp route-lookup Additional Information: NAT divert to egress interface inside Untranslate 192.168.3.200/0 to 192.168.3.200/0 Phase: 5 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group internet_outside_access_in in interface internet_outside access-list internet_outside_access_in extended permit icmp object-group ANYCONNECT_VPN_POOL any object-group network ANYCONNECT_VPN_POOL network-object 172.16.95.0 255.255.255.0 Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb7efe8f80, priority=13, domain=permit, deny=false hits=5487, user_data=0x7ffb6d8d8c40, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=172.16.95.0, mask=255.255.255.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=internet_outside, output_ifc=any Phase: 6 Type: NAT Subtype: Result: ALLOW Config: nat (inside,internet_outside) source static any any destination static NETWORK_OBJ_172.16.95.0_24 NETWORK_OBJ_172.16.95.0_24 no-proxy-arp route-lookup Additional Information: Static translate 172.16.95.181/0 to 172.16.95.181/0 Forward Flow based lookup yields rule: in id=0x7ffb77dd6360, priority=6, domain=nat, deny=false hits=6696022, user_data=0x7ffb77d475d0, cs_id=0x0, flags=0x0, protocol=0 src ip/id=172.16.95.0, mask=255.255.255.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=internet_outside, output_ifc=inside Phase: 7 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb76e4f290, priority=0, domain=nat-per-session, deny=true hits=10743758, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 8 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb77b6c180, priority=0, domain=inspect-ip-options, deny=true hits=11188806, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=internet_outside, output_ifc=any Phase: 9 Type: CP-PUNT Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb77b740f0, priority=79, domain=punt, deny=true hits=2065, user_data=0x7ffb76a3fb10, cs_id=0x0, flags=0x0, protocol=0 src ip/id=172.16.95.181, mask=255.255.255.255, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=internet_outside, output_ifc=any Phase: 10 Type: VPN Subtype: ipsec-tunnel-flow Result: DROP Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7ffb77c110d0, priority=70, domain=ipsec-tunnel-flow, deny=false hits=23015, user_data=0x0, cs_id=0x7ffb7d709240, reverse, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=internet_outside, output_ifc=any Result: input-interface: internet_outside input-status: up input-line-status: up output-interface: inside output-status: up output-line-status: up Action: drop Drop-reason: (acl-drop) Flow is denied by configured rule