I need help understanding the packet flow through an ASA and understanding packet tracer results. NAT Control is enabled on the ASA. Using ASDM, I updated an ACL on the ASA with the following:
acl_1out line 1 permit udp host origination_host host destination_host eq 514
I verified the above ACE is the first entry in the ACL.
However, each time I do a Packet Tracer it ALWAYS reports the packet is dropped by the implicit deny rule at the end of the ACL. Why is this packet being dropped when it clearly is listed as the first ACE in the ACL and it is permitted? Also, looking at the Static NATs, the entire /24 network which the destination_host belongs to has a static NAT in the ASA NAT table.
ASA Version 8.(0)3
ASDM 7(2)1
Thank you,
T.J.