https://community.cisco.com/t5/network-security/cisco-asa-packet-tracer-shows-wrong-acl/m-p/4264541#M1076924 <P>Hi All,<BR />We have cisco asa with version 9.8.3<BR />While checking the packet tracer from outside source public ip to a NAT ip of a server inside the network, I could see that ACL match is on a rule where the source segments are all private.</P><P>So I decided to configure a rule on top of the ACL list with source as Any and destination Pvt ip and destination port. It worked perfectly.</P><P>My question is if I remove the deny rule, the packet tracer is still showing the same rule which do not have the source segment as my public ip (all are private).</P><P>I could see a bug CSCvb92548 in earlier version 9.1(7.11) 9.6(2.2), but current version is 9.8.3</P><P>pls help.</P> Tue, 29 Dec 2020 05:14:01 GMT secureIT 2020-12-29T05:14:01Z https://community.cisco.com/t5/network-security/cisco-asa-packet-tracer-shows-wrong-acl/m-p/4264541#M1076924 <P>Hi All,<BR />We have cisco asa with version 9.8.3<BR />While checking the packet tracer from outside source public ip to a NAT ip of a server inside the network, I could see that ACL match is on a rule where the source segments are all private.</P><P>So I decided to configure a rule on top of the ACL list with source as Any and destination Pvt ip and destination port. It worked perfectly.</P><P>My question is if I remove the deny rule, the packet tracer is still showing the same rule which do not have the source segment as my public ip (all are private).</P><P>I could see a bug CSCvb92548 in earlier version 9.1(7.11) 9.6(2.2), but current version is 9.8.3</P><P>pls help.</P> Tue, 29 Dec 2020 05:14:01 GMT https://community.cisco.com/t5/network-security/cisco-asa-packet-tracer-shows-wrong-acl/m-p/4264541#M1076924 secureIT 2020-12-29T05:14:01Z