02-23-2023 05:16 AM - edited 02-23-2023 05:17 AM
Hi,
I have configured an access rule like below:
but when I am doing a packet tracer on this rule I am getting denied by the implicit policy:
Am I missing something?
02-23-2023 05:44 AM
Select port in packet-tracer and check again.
Also try ping from any host in LAN to 8.8.8.8
Then try ping from any host in LAN to google.com
Check if the issue is the DNS resolution in ASA
02-24-2023 12:34 AM
I do not have any clients right now to test for real, but I was just using the packet tracer tool to see if the traffic is allowed or not. Now it is flowing according to the packet tracer, and because I have other rules for the same interface and at the bottom of it the rule for internet, I created another rule just above the internet rule to deny anything to private addresses (RFC 1918). So I will try to limit the traffic only to those destinations we need to.
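An added example, not part of the thread and not ASA code: a small Python model of top-down, first-match rule evaluation with the implicit deny at the bottom, showing how a trace that no rule matches falls through and why the RFC 1918 deny has to sit above the internet rule. The rule names, the TCP/443 internet rule and the addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol
    dst: str                      # destination network, CIDR form
    dport: Optional[int] = None   # None matches any port

    def matches(self, proto, dst_ip, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport

def trace(rules, proto, dst_ip, dport=None):
    """Return (action, rule name) for the first matching rule, top down."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"   # nothing matched: implicit policy

# Constructed rule set for a hypothetical inside interface (assumption).
DENY_PRIVATE = [Rule(f"deny-rfc1918-{n}", "deny", "ip", n) for n in RFC1918]
INTERNET = [Rule("internet-https", "permit", "tcp", "0.0.0.0/0", 443)]
INSIDE_IN = DENY_PRIVATE + INTERNET      # deny sits above the internet rule
WRONG_ORDER = INTERNET + DENY_PRIVATE    # deny is shadowed by the permit

if __name__ == "__main__":
    samples = [                          # constructed trace inputs
        ("icmp", "8.8.8.8", None),       # no port/protocol match
        ("tcp", "8.8.8.8", 443),         # matches the internet rule
        ("tcp", "10.1.2.3", 443),        # private destination
        ("tcp", "172.32.0.1", 443),      # just outside 172.16.0.0/12
    ]
    for proto, dst, port in samples:
        print(proto, dst, port,
              "ordered:", trace(INSIDE_IN, proto, dst, port),
              "reversed:", trace(WRONG_ORDER, proto, dst, port))
```
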
02-24-2023 12:43 AM - edited 02-24-2023 08:04 PM
Hello
If your ASA (Adaptive Security Appliance) is dropping packets to the internet, it could be due to several reasons such as incorrect access control list configuration, routing issues, or NAT problems. Nexus Iceland
Troubleshoot by verifying your configuration, reviewing logs, and analyzing traffic flow to identify and resolve the issue.
Let's see whether it will work or not.
02-24-2023 04:24 AM
Only add port and do packet tracer again