https://community.cisco.com/t5/network-security/nat-issue-quot-sp-security-failed-slowpath-security-checks/m-p/3009335#M135560 <P>Hi,</P> <P>I was working fine with ASA 5510 and configured some servers inside which were visible for outside world. i bought new ASA 5506X FirePower. when i configured it gives this error "<EM><SPAN>sp-security-failed Slowpath security checks failed".&nbsp;</SPAN></EM></P> <P><EM><SPAN>when i check through Packet tracer....it shows that action is allow when packet has outside destination and it drops when packet has inside destination and it drops by rule. like from inside to outside is allowed but from outside to inside is droped.</SPAN></EM></P> <P><EM><SPAN>NAT rules are configured and Public servers are also configured. with same pattren in ASA 5510 everything working fine but in ASA 5506X it is not working.&nbsp;</SPAN></EM></P> <P><I>sample configuration of 5506X is :</I></P> <P><I>ftp mode passive<BR />same-security-traffic permit inter-interface<BR />same-security-traffic permit intra-interface</I></P> <P><I>!!</I><I>!!</I></P> <P><I>object network Server_ABC<BR /> nat (inside,outside) static LAN_xx.xx.xx.76_ABC<BR />object network Server_DEF<BR /> nat (inside,outside) static LAN_xx.xx.xx.74_DEF<BR />object network server_GHI<BR /> nat (inside,outside) static LAN_xx.xx.xx.77_GHI<BR />object network Server_JKL<BR /> nat (inside,outside) static LAN_xx.xx.xx.75_JKL<BR />!<BR />nat (inside,outside) after-auto source dynamic any interface<BR />access-group inbound in interface outside<BR />access-group inside_access_in in interface inside<BR />access-group Winside_access_in in interface Winside<BR />route outside 0.0.0.0 0.0.0.0 xx.xx.xx.73 1</I></P> <P><I></I></P> <P><I>please suggest....!!!!!</I></P> <P><I>_________</I></P> <P>ZarGham</P> <P><I></I></P> Tue, 12 Mar 2019 09:21:50 GMT Zargham Haider 2019-03-12T09:21:50Z https://community.cisco.com/t5/network-security/nat-issue-quot-sp-security-failed-slowpath-security-checks/m-p/3009335#M135560 <P>Hi,</P> <P>I was working fine with ASA 5510 and configured some servers inside which were visible for outside world. i bought new ASA 5506X FirePower. when i configured it gives this error "<EM><SPAN>sp-security-failed Slowpath security checks failed".&nbsp;</SPAN></EM></P> <P><EM><SPAN>when i check through Packet tracer....it shows that action is allow when packet has outside destination and it drops when packet has inside destination and it drops by rule. like from inside to outside is allowed but from outside to inside is droped.</SPAN></EM></P> <P><EM><SPAN>NAT rules are configured and Public servers are also configured. with same pattren in ASA 5510 everything working fine but in ASA 5506X it is not working.&nbsp;</SPAN></EM></P> <P><I>sample configuration of 5506X is :</I></P> <P><I>ftp mode passive<BR />same-security-traffic permit inter-interface<BR />same-security-traffic permit intra-interface</I></P> <P><I>!!</I><I>!!</I></P> <P><I>object network Server_ABC<BR /> nat (inside,outside) static LAN_xx.xx.xx.76_ABC<BR />object network Server_DEF<BR /> nat (inside,outside) static LAN_xx.xx.xx.74_DEF<BR />object network server_GHI<BR /> nat (inside,outside) static LAN_xx.xx.xx.77_GHI<BR />object network Server_JKL<BR /> nat (inside,outside) static LAN_xx.xx.xx.75_JKL<BR />!<BR />nat (inside,outside) after-auto source dynamic any interface<BR />access-group inbound in interface outside<BR />access-group inside_access_in in interface inside<BR />access-group Winside_access_in in interface Winside<BR />route outside 0.0.0.0 0.0.0.0 xx.xx.xx.73 1</I></P> <P><I></I></P> <P><I>please suggest....!!!!!</I></P> <P><I>_________</I></P> <P>ZarGham</P> <P><I></I></P> Tue, 12 Mar 2019 09:21:50 GMT https://community.cisco.com/t5/network-security/nat-issue-quot-sp-security-failed-slowpath-security-checks/m-p/3009335#M135560 Zargham Haider 2019-03-12T09:21:50Z