03-28-2011 11:37 AM - edited 03-11-2019 01:13 PM
Hello,
I'm currently using ASA 5510 with software 8.4.1 and I have an issue with nat configuration. I used the following config line:
nat (inside, dmz) source dynamic LAN Pat1 destination Server1 Server1
The traffic is not flowing and when I use Packet Tracer, packets are dropped at the NAT rule with the following error:
Drop-reason: (acl-drop) Flow is denied by configured rule
The only ACE I have is permit ip any any.
Thank you for help.
03-28-2011 12:59 PM
Hi,
What do we want to accomplish? Also, send me the following:
Sh run object id LAN
Sh run object id Pat1
Sh run object id Server1
Regards, Ashu
03-29-2011 06:06 AM
Hey,
So this error you are facing is mainly because the reversed nat rule makes no sense.
For example:
The nat rule you configured is:
nat (inside, dmz) source dynamic LAN Pat1 destination static Server1 Server1
The reverse of this rule is:
nat (dmz,inside) source static Server1 Server1 destination dynamic Pat1 LAN
The destination cannot be dynamic! This is where packet tracer shows denied due to ACL.
However, I don't think that this specific rule might be the one causing the issue.
An output of "show nat" would help me point out exactly what is wrong.
-Shrikant
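For readers following this thread, here is a complete, consistent version of the configuration being discussed. It is an added example, not taken from any of the replies above: the addresses, the object definitions, the ACL name and the packet-tracer arguments are constructed, and LAN, Pat1 and Server1 are assumed to be network objects.

```cisco
! Objects referenced by the NAT rule (addresses constructed for this example)
object network LAN
 subnet 10.1.1.0 255.255.255.0
 description Inside hosts that are PATed toward the DMZ
object network Pat1
 host 192.168.2.1
 description PAT address presented on the dmz side
object network Server1
 host 192.168.2.10
 description DMZ server; translated to itself (identity) in the destination clause

! Twice NAT (manual NAT, section 1): inside hosts are PATed behind Pat1 only
! when the destination is Server1. The destination clause must be "static";
! the ASA cannot build the reverse (dmz -> inside) direction of the rule for a
! dynamic destination, so a missing "static" keyword is rejected.
nat (inside,dmz) source dynamic LAN Pat1 destination static Server1 Server1

! Since ASA 8.3, interface ACLs match on real (untranslated) addresses, so the
! inside ACL references LAN and Server1, never the PAT address Pat1.
access-list INSIDE_IN extended permit ip object LAN object Server1
access-group INSIDE_IN in interface inside

! Verification: simulate an inside host reaching the server. The NAT phase of
! the output should name this manual rule and the final result should be ALLOW.
packet-tracer input inside tcp 10.1.1.10 12345 192.168.2.10 80
show nat
show nat detail
```

When reading `show nat`, confirm the rule appears in section 1 (manual NAT) with non-zero translate_hits after the packet-tracer run; a rule that never matches usually points at an object whose contents do not contain the real source or destination address, which is why the earlier reply asked for the `show run object id` output of each object.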