Asymmetric NAT rules matched for forward and reverse flows

Sheraz.Salim · ‎11-13-2016

i am getting this message on my syslog please kindly help

here is my config

object network STORAGE

host 10.178.12.46

object service netbios-ssn

service tcp sourcce eq netbios-ssn

nat (inside,outside) source static STORAGE interface service netbios-ssn netbios-ssn

access-list OUT permit extended permit tcp any object STORAGE eq netebios-ssn

access-group OUT in interface outside

packet tracer

packet-tracer input outside tcp 192.168.71.64 1 10.178.12.46 139

Phase: 1

Type: CAPTURE

Subtype:

Result: ALLOW

Config:

Additional Information:

MAC Access list

Phase: 2

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 3

Type: ROUTE-LOOKUP

Subtype: Resolve Egress Interface

Result: ALLOW

Config:

Additional Information:

in 10.178.12.46 255.255.255.255 via 10.178.5.1, inside

Phase: 4

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group OUT in interface outside

access-list OUT extended permit tcp any object STORAGE eq netbios-ssn

Additional Information:

Phase: 5

Type: NAT

Subtype: per-session

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 7

Type: NAT

Subtype: rpf-check

Result: DROP

Config:

nat (inside,outside) source static ISILION interface service netbios-ssn netbios-ssn

Additional Information:

Result:

input-interface: outside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

please do not forget to rate.

Aditya Ganjoo · ‎11-13-2016

Hi,

Can you please put this NAT statement on line 1 and then test ?

It seems the traffic is matching another NAT while going out.

Regards,

Aditya

Please rate helpful posts and mark correct answers.