Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1098
Views
0
Helpful
4
Replies

NAT reverse path failure

Go to solution
yasaman64
Level 1
Level 1

‎06-22-2012 09:15 AM - edited ‎03-11-2019 04:22 PM

Hello everyone,

Could someone help me with this issue:

5 Jun 22 2012 10:07:48 305013 50.96.132.209    Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside2:68.153.135.201 dst fwinside:54.92.134.220 (type 8, code 0) denied due to NAT reverse path failure

I keep getting tis error on my ASA considering that I dont even have NAT rules for that source and destination, do you have any idea what whould the problem be?

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎06-22-2012 01:45 PM

Hello Yasaman,

There is definetely a nat statement causing this issue.

I would have to take a look at the Nat statement in order to solve it.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Alexander Moorthy
Level 1
Level 1

‎06-25-2012 04:55 AM

Hi Yasaman,

The nat-control is enabled on the firewall,thats why you need a translation to allow the specific traffic.

To work , add a nat-exempt from the source to destination/ destination to source.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎06-22-2012 01:45 PM

Hello Yasaman,

There is definetely a nat statement causing this issue.

I would have to take a look at the Nat statement in order to solve it.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Alexander Moorthy
Level 1
Level 1

‎06-25-2012 04:55 AM

Hi Yasaman,

The nat-control is enabled on the firewall,thats why you need a translation to allow the specific traffic.

To work , add a nat-exempt from the source to destination/ destination to source.

0 Helpful

Go to solution
yasaman64
Level 1
Level 1

‎06-25-2012 06:43 AM

Thank you,

The problem was a dynamic NAT rule. I added a NAT exempt and everything worked fine.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to yasaman64

‎06-25-2012 10:17 AM

Hello Yasaman,

Great to hear that everything worked fine.

Please mark the question as answered so future users can learn from this topic.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card