https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611700#M559023 <P>Hello,</P><P></P><P>I'm currently using ASA 5510 with software 8.4.1 and I have an issue with nat configuration. I used the following config line:</P><P></P><P>nat (inside, dmz) source dynamic LAN Pat1 destination Server1 Server1</P><P></P><P>The traffic is not flowing and when I use Packet Tracer, packets are dropped at the NAT rule with the following error:</P><P></P><P>Drop-reason: (acl-drop) Flow is denied by configured rule</P><P></P><P></P><P>The only ACE I have is permit ip any any.</P><P></P><P></P><P>Thank you for help.</P> Mon, 11 Mar 2019 20:13:53 GMT ntarnagada 2019-03-11T20:13:53Z https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611700#M559023 <P>Hello,</P><P></P><P>I'm currently using ASA 5510 with software 8.4.1 and I have an issue with nat configuration. I used the following config line:</P><P></P><P>nat (inside, dmz) source dynamic LAN Pat1 destination Server1 Server1</P><P></P><P>The traffic is not flowing and when I use Packet Tracer, packets are dropped at the NAT rule with the following error:</P><P></P><P>Drop-reason: (acl-drop) Flow is denied by configured rule</P><P></P><P></P><P>The only ACE I have is permit ip any any.</P><P></P><P></P><P>Thank you for help.</P> Mon, 11 Mar 2019 20:13:53 GMT https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611700#M559023 ntarnagada 2019-03-11T20:13:53Z https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611701#M559024 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>What do we want to accomplish? Also, send me the following:</P><P></P><P>Sh run object id LAN</P><P>Sh run object id Pat1</P><P>Sh run object id Server1</P><P></P><P></P><SPAN>Regards,</SPAN><P></P><P>Ashu</P></BODY></HTML> Mon, 28 Mar 2011 19:59:57 GMT https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611701#M559024 astripat 2011-03-28T19:59:57Z https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611702#M559025 <HTML><HEAD></HEAD><BODY><P>Hey,</P><P></P><P>So this error you are facing is mainly because the reversed nat rule makes no sense.</P><P></P><P>For example:</P><P>The nat rule you configured is:</P><P>nat (inside, dmz) source dynamic LAN Pat1 destination static Server1 Server1</P><P></P><P>The reverse of this rule is:</P><P>nat (dmz,inside) source static server1 server 1 <SPAN style="color: #ff0000;">destination dynamic</SPAN> Pat1 LAN</P><P></P><P>The destination cannot be dynamic! This is where packet tracer shows denied due to ACL.</P><P></P><P>However, I don't think that this specific rule might be the one causing the issue.</P><P></P><P>An output of "show nat" would help me point out exactly what is wrong.</P><P></P><P>-Shrikant</P></BODY></HTML> Tue, 29 Mar 2011 13:06:24 GMT https://community.cisco.com/t5/network-security/asa-8-4-nat-issue/m-p/1611702#M559025 Shrikant Sundaresh 2011-03-29T13:06:24Z