topic ASA policy-nat is working but acl is not hit in Network Access Control https://community.cisco.com/t5/network-access-control/asa-policy-nat-is-working-but-acl-is-not-hit/m-p/2105534#M161681 <P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">Hope you guys can help explain why is it working this strange. Thank you.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">access-list NET1 permit ip host 10.1.2.27 10.76.5.0 255.255.255.224</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">static (inside,outside) 192.168.100.100 access-list NET1</P><P></P><P></P><P>ciscoasa(config)# show access-list </P><P>access-list NET1 line 1 extended permit ip host 10.1.2.27 10.76.5.0 255.255.255.224 (hitcnt=0) 0x19580e75 </P><P></P><P>ciscoasa(config)# show xlate</P><P>3 in use, 4 most used</P><P>Global 192.168.100.100 Local 10.1.2.27</P><P></P><P>...</P><P>ciscoasa(config)# show nat</P><P>NAT policies on Interface inside:</P><P>&nbsp; match ip inside 10.1.2.27 255.255.255.255 outside 10.76.5.0 255.255.255.224</P><P>&nbsp;&nbsp;&nbsp; static translation to 192.168.100.100</P><P>&nbsp;&nbsp;&nbsp; translate_hits = 9, untranslate_hits = 28</P> Mon, 11 Mar 2019 02:57:00 GMT sok_senmonorom 2019-03-11T02:57:00Z ASA policy-nat is working but acl is not hit https://community.cisco.com/t5/network-access-control/asa-policy-nat-is-working-but-acl-is-not-hit/m-p/2105534#M161681 <P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">Hope you guys can help explain why is it working this strange. Thank you.</P><P></P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">access-list NET1 permit ip host 10.1.2.27 10.76.5.0 255.255.255.224</P><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">static (inside,outside) 192.168.100.100 access-list NET1</P><P></P><P></P><P>ciscoasa(config)# show access-list </P><P>access-list NET1 line 1 extended permit ip host 10.1.2.27 10.76.5.0 255.255.255.224 (hitcnt=0) 0x19580e75 </P><P></P><P>ciscoasa(config)# show xlate</P><P>3 in use, 4 most used</P><P>Global 192.168.100.100 Local 10.1.2.27</P><P></P><P>...</P><P>ciscoasa(config)# show nat</P><P>NAT policies on Interface inside:</P><P>&nbsp; match ip inside 10.1.2.27 255.255.255.255 outside 10.76.5.0 255.255.255.224</P><P>&nbsp;&nbsp;&nbsp; static translation to 192.168.100.100</P><P>&nbsp;&nbsp;&nbsp; translate_hits = 9, untranslate_hits = 28</P> Mon, 11 Mar 2019 02:57:00 GMT https://community.cisco.com/t5/network-access-control/asa-policy-nat-is-working-but-acl-is-not-hit/m-p/2105534#M161681 sok_senmonorom 2019-03-11T02:57:00Z ASA policy-nat is working but acl is not hit https://community.cisco.com/t5/network-access-control/asa-policy-nat-is-working-but-acl-is-not-hit/m-p/2105535#M161702 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It seems as if this is the behavior with access lists that are associated with NAT. I did a few checks around the support forums and found that this could be the issue and there isnt anything to worry about. However if you can move this thread to the firewalling community I am sure they will be able to confirm this for you.</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Tue, 08 Jan 2013 16:15:26 GMT https://community.cisco.com/t5/network-access-control/asa-policy-nat-is-working-but-acl-is-not-hit/m-p/2105535#M161702 Tarik Admani 2013-01-08T16:15:26Z