https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403312#M1024929 Are you using SIP ? Do you see SIP confirmation exchange ? Can you share your NAT and do you have inspect SIP enabled ? Thu, 21 Jun 2018 12:52:02 GMT Abdullo Salikhov 2018-06-21T12:52:02Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403301#M1024925 <P>what trouble shooting commands are there available for PBR on ASA?</P> <P>ive created a pbr and its working outbound fine, the problem I have is an external IP coming inbound is translated and routed correctly however the return traffic doesnt see to leave the firewall.</P> <P>A packet cap on the outside and dmz interface shows traffic coming into the firewall from the internet. it gets translated from the public ip to the internal ip and routed to the dmz interface. I can see packets coming back from the internal server destined to the internet on the dmz interface but i dont see the packets leave the outside interface.</P> <P>&nbsp;</P> <P>Thanks</P> Fri, 21 Feb 2020 15:54:22 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403301#M1024925 mickyq 2020-02-21T15:54:22Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403312#M1024929 Are you using SIP ? Do you see SIP confirmation exchange ? Can you share your NAT and do you have inspect SIP enabled ? Thu, 21 Jun 2018 12:52:02 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403312#M1024929 Abdullo Salikhov 2018-06-21T12:52:02Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403317#M1024931 <P>im not using SIP. its just internet traffic to an internal server on 443</P> Thu, 21 Jun 2018 12:57:24 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403317#M1024931 mickyq 2018-06-21T12:57:24Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403342#M1024932 I have tried on 9.6: PBR and NAT doesn't work on ASA (yet).<BR />packet capture showed it as it works but traffic capture and production said something else. Thu, 21 Jun 2018 13:41:05 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403342#M1024932 Florin Barhala 2018-06-21T13:41:05Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403358#M1024934 <P>Thanks</P> <P>the outbound dynamic nat with PBR seems to work ok. Im using v9.8</P> <P>is there a compatibility table?</P> Thu, 21 Jun 2018 14:04:41 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3403358#M1024934 mickyq 2018-06-21T14:04:41Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3404786#M1024936 Can you share the NAT config that's used in conjunction with PBR?<BR /><BR />Thanks! Mon, 25 Jun 2018 10:47:24 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3404786#M1024936 Florin Barhala 2018-06-25T10:47:24Z https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3405591#M1024938 <P>I have managed to find the problem but im not sure I understand why its happening.</P> <P>Outbound traffic is using the pbr and working.</P> <P>inbound traffic from the internet to one of our public IP's translated to a server in the dmz doesnt work.</P> <P>The problem seems to be with the return route from the server.</P> <P>I can only get it working with a static route. I assumed inbound traffic would create a session and return the traffic back to the interface it came in on.</P> Tue, 26 Jun 2018 12:38:01 GMT https://community.cisco.com/t5/network-security/asa-pbr-problem/m-p/3405591#M1024938 mickyq 2018-06-26T12:38:01Z