Asymmetric NAT rules matched for forward and reverse flows

mutaz_albdiry
Level 1

What is a possible cause of this log message: "Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src.."?

This log message appeared when I was trying to NAT from inside to outside.

Please help ..

Notes:

-ASA 5525

-Cisco ASA Software Version 8.6(1)2

3 Replies

Shivapramod M
Level 1

Hi,

Asymmetric NAT happens when the inbound traffic and the outbound traffic take different NATs.

You can do a packet tracer and check which NAT the traffic is taking in the inbound and outbound directions.

packet-tracer in <incoming interface name> icmp <source IP> 8 0 <destination IP> detail

Also you can provide the output of the show nat.

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Hi mutaz,

As a best practice, make sure the NATs in question have the "route-lookup" keyword at the end.

Hope it helps

-Randy-

Akshay Rastogi
Cisco Employee

Hi,

Make sure all the statements which are above the expected do not have overlapping subnets.

Also make sure all the statements which have 'nat (any,any)' or identity NATs in manual NAT statements have 'route-lookup' added at the end.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.
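
The route-lookup check suggested in the replies, as an added example that is not part of the original thread: a Python script that scans `show running-config nat` output for active static identity manual NAT statements (including `(any,any)` ones) that lack the keyword. The sample configuration, its object names and the function name are constructed for illustration.

```python
import re

# Manual NAT line as printed by "show running-config nat" (static form only).
MANUAL_NAT = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)\s+"
    r"(?:after-auto\s+)?(?:\d+\s+)?"
    r"source\s+static\s+(?P<real>\S+)\s+(?P<mapped>\S+)(?P<rest>.*)$"
)

# Constructed sample; object names are placeholders.
SAMPLE_CONFIG = """\
nat (inside,outside) source static LAN LAN destination static REMOTE REMOTE no-proxy-arp route-lookup
nat (any,any) source static SERVERS SERVERS
nat (inside,dmz) source static LAN LAN destination static DMZ DMZ description add route-lookup later
nat (inside,outside) source static WEB WEB-PUBLIC
nat (inside,outside) after-auto source dynamic any interface
"""


def identity_nat_missing_route_lookup(config_text):
    """Return (line_no, interfaces, line) for each active static identity
    manual NAT statement that does not carry the route-lookup keyword."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = MANUAL_NAT.match(line)
        # Identity NAT: the real and mapped objects are the same.
        if not m or m["real"] != m["mapped"]:
            continue
        # A free-text description may mention the keyword; ignore it.
        options = m["rest"].split(" description ", 1)[0].split()
        if "inactive" in options or "route-lookup" in options:
            continue
        findings.append((line_no, f"{m['real_if']},{m['mapped_if']}", line))
    return findings


if __name__ == "__main__":
    for line_no, interfaces, line in identity_nat_missing_route_lookup(SAMPLE_CONFIG):
        print(f"line {line_no} ({interfaces}): no route-lookup -> {line}")
```

Statements it reports are candidates to compare against the packet-tracer output for each direction.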
