Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
188
Views
0
Helpful
1
Replies

Packet always hits Implicit deny/Packet dropped

tjreeddoc
Level 1
Level 1

‎07-20-2015 04:37 PM - edited ‎03-11-2019 11:18 PM

I need help understanding the packet flow through an ASA and understanding packet tracer results. NAT Control is enabled on the ASA.  Using ASDM, I updated an ACL on the ASA with the following:

 

acl_1out line 1 permit udp host origination_host  host destination_host eq 514

 

I verified the above ACE is the first entry in the ACL.

 

However, each time I do a Packet Tracer it ALWAYS reports the packet is dropped by the implicit deny rule at the end of the ACL.  Why is this packet being dropped when it clearly is listed as the first ACE in the ACL and it is permitted?  Also, looking at the Static NATs, the entire /24 network which the destination_host belongs to has a static NAT in the ASA NAT table.

 

 

ASA Version             8.(0)3

ASDM                        7(2)1

 

Thank you,

 

T.J.

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎07-20-2015 06:24 PM

Duplicate Post:-

https://supportforums.cisco.com/discussion/12561756/packet-always-hits-implicit-denypacket-dropped

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card