12-04-2015 01:52 PM - edited 03-11-2019 11:59 PM
What is a possible cause of this log message: "Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src.."?
This log message appeared when I was trying to NAT from inside to outside.
Please help.
Notes:
-ASA 5525
-Cisco ASA Software Version 8.6(1)2
12-04-2015 04:29 PM
Hi,
Asymmetric NAT happens when the inbound traffic and the outbound traffic take different NATs.
You can do a packet tracer and check which NAT the traffic is taking in inbound and outbound direction.
packet-tracer in <incoming interface name> icmp <source IP> 8 0 <destination IP> detail
Also, you can provide the output of show nat.
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-04-2015 04:59 PM
Hi mutaz,
As a best practice, make sure the NATs in question have the "route-lookup" keyword at the end.
Hope it helps
-Randy-
12-04-2015 08:27 PM
Hi,
Make sure all the statements which are above the expected one do not have overlapping subnets.
Also make sure all the statements which have 'nat (any,any)' or identity NATs in manual NAT statements have 'route-lookup' added at the end.
Hope it helps.
Regards,
Akshay Rastogi
Remember to rate helpful posts.
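The two checks suggested in the replies above, as an added Python example that is not part of the original thread: it reads manual NAT lines in order and flags identity NATs without route-lookup and rules whose real source is fully covered by an earlier rule. The config excerpt, object names and addresses are constructed, and the sketch assumes network objects only (no object-groups, destination clauses or auto NAT).

```python
import ipaddress
import re

# Constructed config excerpt (not from the thread); names and addresses are made up,
# and the definition of the mapped object SERVERS-PUB is omitted.
SAMPLE = """\
object network INSIDE-NET
 subnet 10.1.0.0 255.255.0.0
object network SERVERS
 subnet 10.1.20.0 255.255.255.0
nat (any,any) source static INSIDE-NET INSIDE-NET
nat (inside,outside) source static SERVERS SERVERS-PUB
"""
NAT_RE = re.compile(r"^nat \((\S+?),(\S+?)\) source (static|dynamic) (\S+) (\S+)(.*)$")

def parse(config):
    """Return ({object name: network}, [manual NAT rules in config order])."""
    objects, rules, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("object network ") and len(words) == 3:
            current = words[2]
        elif current and words[:1] == ["subnet"]:
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif current and words[:1] == ["host"]:
            objects[current] = ipaddress.ip_network(words[1])
        m = NAT_RE.match(line)
        if m:
            rules.append({"line": line, "ifs": (m[1], m[2]), "real": m[4], "mapped": m[5],
                          "route_lookup": "route-lookup" in m[6].split()})
    return objects, rules

def same_path(a, b):
    """Interface pairs can match the same flow if equal or either side is 'any'."""
    return all(x == y or "any" in (x, y) for x, y in zip(a, b))

def audit(config):
    """Flag identity NATs lacking route-lookup and rules shadowed by an earlier rule."""
    objects, rules = parse(config)
    findings = []
    for i, rule in enumerate(rules):
        if rule["real"] == rule["mapped"] and not rule["route_lookup"]:
            findings.append(("missing-route-lookup", rule["line"]))
        net = objects.get(rule["real"])
        for earlier in rules[:i]:
            other = objects.get(earlier["real"])
            if net and other and same_path(rule["ifs"], earlier["ifs"]) and net.subnet_of(other):
                findings.append(("shadowed-by-earlier-rule", rule["line"], earlier["line"]))
    return findings
```

Calling `audit(SAMPLE)` reports both problems for the constructed excerpt; moving the specific rule above the broad identity rule and adding route-lookup to the latter clears them.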