Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4857
Views
5
Helpful
2
Replies

Asymmetric NAT rules denied due to NAT reverse path failure

Go to solution
lcaruso
Level 6
Level 6

‎02-03-2011 05:44 PM - edited ‎03-11-2019 12:44 PM

Hi,

I'm working on a configuration for a client in my lab and I'm getting this message when pinging from one site behind a vpn peer router to a site behind the ASA

5    Feb 03 2011    11:26:38        172.29.6.231                
Asymmetric NAT rules matched for forward and reverse flows; 
Connection for icmp src outside:172.28.5.1 dst inside:172.29.6.231 (type 8, code 0) denied due to NAT reverse path failure

I know the nat is wrong but right now I'm not sure what needs changing. What is asymmetric nat and what is nat reverse path failure?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akhil B
Cisco Employee
Cisco Employee

‎02-03-2011 06:30 PM

Hi Lcaruso,

Please let me know what version of the code you are running. I am assuming its 8.3. If so this is usally seen because of the overlapping nat statement.

Please paste the output put for " show nat detail " and  " sh run nat ".

For a detailed explanation on the error, i have provided the link below,

https://supportforums.cisco.com/docs/DOC-12569

Regards,

Akhil

View solution in original post

2 Replies 2

Go to solution
Akhil B
Cisco Employee
Cisco Employee

‎02-03-2011 06:30 PM

Hi Lcaruso,

Please let me know what version of the code you are running. I am assuming its 8.3. If so this is usally seen because of the overlapping nat statement.

Please paste the output put for " show nat detail " and  " sh run nat ".

For a detailed explanation on the error, i have provided the link below,

https://supportforums.cisco.com/docs/DOC-12569

Regards,

Akhil

Go to solution
lcaruso
Level 6
Level 6
In response to Akhil B

‎02-03-2011 07:00 PM

Thanks for that link !

Let me read that over and then I'll try the commands you mentioned. If I'm still stuck, I'll post output.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card