ASA/pri/act# packet-tracer input inside icmp 10.2.132.141 8 0 10.6.0.65 detailed Phase: 1 Type: CAPTURE Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xfeb5bf2b00, priority=13, domain=capture, deny=false hits=237221549, user_data=0xff00811470, cs_id=0x0, l3_type=0x0 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0000.0000.0000 input_ifc=inside, output_ifc=any Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule Additional Information: Forward Flow based lookup yields rule: in id=0xffdc463b60, priority=1, domain=permit, deny=false hits=17757437045, user_data=0x0, cs_id=0x0, l3_type=0x8 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0100.0000.0000 input_ifc=inside, output_ifc=any Phase: 3 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop x.x.x.x using egress ifc VF-outside Phase: 4 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group acl_in in interface inside access-list acl_in extended permit ip any object VPNNET Additional Information: Forward Flow based lookup yields rule: in id=0xffb5113b10, priority=13, domain=permit, deny=false hits=10103642, user_data=0xff87577100, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=VPNNET, mask=255.255.128.0, port=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 5 Type: CONN-SETTINGS Subtype: Result: ALLOW Config: class-map class-default match any policy-map global_policy class class-default set connection decrement-ttl service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xff257dd290, priority=7, domain=conn-set, deny=false hits=182689243, user_data=0xff257da470, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 6 Type: NAT Subtype: Result: ALLOW Config: nat (inside,VF-outside) source static HEADOFFICE HEADOFFICE destination static VPNNET VPNNET no-proxy-arp route-lookup Additional Information: Static translate MOR-NPSAM-01/0 to MOR-NPSAM-01/0 Forward Flow based lookup yields rule: in id=0xfe9c61b980, priority=6, domain=nat, deny=false hits=319610, user_data=0xfe9c619dd0, cs_id=0x0, flags=0x0, protocol=0 src ip/id=HEADOFFICE, mask=255.0.0.0, port=0, tag=any dst ip/id=VPNNET, mask=255.255.128.0, port=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=VF-outside Phase: 7 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffd5a0aa10, priority=0, domain=nat-per-session, deny=true hits=154043577, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 8 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffdc46a9e0, priority=0, domain=inspect-ip-options, deny=true hits=289767473, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 9 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: class-map inspection_default match default-inspection-traffic policy-map global_policy class inspection_default inspect icmp service-policy global_policy global Additional Information: Forward Flow based lookup yields rule: in id=0xffd64334d0, priority=70, domain=inspect-icmp, deny=false hits=5331114, user_data=0xffd6431720, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 10 Type: INSPECT Subtype: np-inspect Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0xffdc46a160, priority=66, domain=inspect-icmp-error, deny=false hits=5622682, user_data=0xffdc2e4eb0, cs_id=0x0, use_real_addr, flags=0x0, protocol=1 src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=any Phase: 11 Type: VPN Subtype: encrypt Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: out id=0xfebe1f75a0, priority=70, domain=encrypt, deny=false hits=89, user_data=0xbbdae44, cs_id=0xfee5d4f560, reverse, flags=0x0, protocol=0 src ip/id=HEADOFFICE, mask=255.0.0.0, port=0, tag=any dst ip/id=testNET, mask=255.255.255.192, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=VF-outside Phase: 12 Type: NAT Subtype: rpf-check Result: ALLOW Config: nat (inside,VF-outside) source static HEADOFFICE HEADOFFICE destination static VPNNET VPNNET no-proxy-arp route-lookup Additional Information: Forward Flow based lookup yields rule: out id=0xfe9c61c520, priority=6, domain=nat-reverse, deny=false hits=151131, user_data=0xfe9c61ac80, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=HEADOFFICE, mask=255.0.0.0, port=0, tag=any dst ip/id=VPNNET, mask=255.255.128.0, port=0, tag=any, dscp=0x0 input_ifc=inside, output_ifc=VF-outside Phase: 13 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffcb544e60, priority=70, domain=ipsec-tunnel-flow, deny=false hits=89, user_data=0xbbdcbdc, cs_id=0xfee5d4f560, reverse, flags=0x0, protocol=0 src ip/id=testNET, mask=255.255.255.192, port=0, tag=any dst ip/id=HEADOFFICE, mask=255.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=VF-outside, output_ifc=any Phase: 14 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffd5a0aa10, priority=0, domain=nat-per-session, deny=true hits=154043579, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 15 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Reverse Flow based lookup yields rule: in id=0xffc84503b0, priority=0, domain=inspect-ip-options, deny=true hits=21157100, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=VF-outside, output_ifc=any Phase: 16 Type: FLOW-CREATION Subtype: Result: ALLOW Config: Additional Information: New flow created with id 460565582, packet dispatched to next module Module information for forward flow ... snp_fp_tracer_drop snp_fp_inspect_ip_options snp_fp_inspect_icmp snp_fp_translate snp_fp_adjacency snp_fp_encrypt snp_fp_fragment snp_ifc_stat Module information for reverse flow ... snp_fp_tracer_drop snp_fp_inspect_ip_options snp_fp_ipsec_tunnel_flow snp_fp_translate snp_fp_inspect_icmp snp_fp_adjacency snp_fp_fragment snp_ifc_stat Result: input-interface: inside input-status: up input-line-status: up output-interface: VF-outside output-status: up output-line-status: up Action: allow