07-15-2015 01:17 PM - edited 03-11-2019 11:16 PM
Hi everyone,
PC traffic ------Switch ----X int ASA-----y int ----server 172.31.50.55
I see below log when user try to access the server
106021: Deny TCP reverse path check from 192.168.100.25 to 172.31.50.55 on interface X
Does it mean that ASA did not pass the traffic from interface X to Y as there is no return path to subnet 192.168.100.25?
Regards
Mahesh
Solved! Go to Solution.
07-15-2015 08:52 PM
Mahesh,
It could be routing but the most common cause is asymmetric NAT.
See what a packet-tracer tells you.
07-16-2015 06:54 AM
Mahesh,
Per the syntax Igor posted, always run it to simulate the actual traffic as initiated from the end user (192.168.100.25 in your case).
The utility will use its built in logic to check the reverse path automatically.
07-16-2015 07:15 AM
Example:
packet-tracer input X_int_name tcp 192.168.100.25 PCSource_port 172.31.50.55 dst_port detailed
07-15-2015 08:52 PM
Mahesh,
It could be routing but the most common cause is asymmetric NAT.
See what a packet-tracer tells you.
07-15-2015 09:48 PM
Hi Marvin,
For packet tracer i can run from interface y to x to check the return traffic right?
Regards
MAhesh
07-16-2015 06:54 AM
Mahesh,
Per the syntax Igor posted, always run it to simulate the actual traffic as initiated from the end user (192.168.100.25 in your case).
The utility will use its built in logic to check the reverse path automatically.
07-16-2015 12:55 PM
issue was with routing.
07-16-2015 07:35 PM
Mahesh,
Glad you got it resolved, thank for the ratings.
packet-tracer is your friend on the ASA. After seeing the TAC run it time and again during my time learning the platform, I decided they might know a thing or two and put it on my short list of go-to tools as well.
07-16-2015 07:15 AM
Example:
packet-tracer input X_int_name tcp 192.168.100.25 PCSource_port 172.31.50.55 dst_port detailed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide