01-11-2019 01:51 AM - edited 02-21-2020 08:39 AM
Hello
Sorry for my noob question, I have a config below from 8.2
access-list NO-NAT extended permit ip 10.0.0.0 255.0.0.0 10.172.8.224 255.255.255.224
nat (inside) 0 access-list NO-NAT
FW# sh route | i 10.172.8.224
D 10.172.8.224 255.255.255.248 [90/3072] via 10.172.8.33, 798:37:40, inside
S 10.172.8.224 255.255.255.224 [1/0] via 203.9.248.21, outside
FW# packet-tracer input inside tcp 10.3.3.3 443 10.172.8.224 $
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.172.8.224 255.255.255.248 inside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Based on the packet tracer, why does the ASA prefer the EIGRP route (exit interface is inside) instead of the static route (exit interface is outside)?
01-11-2019 01:56 AM
01-11-2019 01:58 AM
Hi
Oh ok, I did not notice the more specific subnet mask. Thank you!
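
The route selection discussed in this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup over the two routes from the sh route output above. The function name lookup and the extra destinations in the demo are constructed for illustration.

```python
import ipaddress

# Routes copied from the "sh route" output in the question:
# (code, prefix, mask, administrative distance, next hop, interface)
ROUTES = [
    ("D", "10.172.8.224", "255.255.255.248", 90, "10.172.8.33", "inside"),
    ("S", "10.172.8.224", "255.255.255.224", 1, "203.9.248.21", "outside"),
]


def lookup(dst, routes=ROUTES):
    """Return the route a longest-prefix-match lookup selects for dst, or None."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for code, prefix, mask, ad, next_hop, ifc in routes:
        net = ipaddress.ip_network(f"{prefix}/{mask}")
        if addr in net:
            candidates.append((net.prefixlen, ad, code, str(net), next_hop, ifc))
    if not candidates:
        return None
    # The longest prefix wins first. Administrative distance is only
    # compared between routes to the same prefix, so the static route's
    # AD of 1 does not beat the more specific /29 learned via EIGRP.
    best = max(candidates, key=lambda c: (c[0], -c[1]))
    return {
        "code": best[2],
        "network": best[3],
        "next_hop": best[4],
        "interface": best[5],
    }


if __name__ == "__main__":
    # 10.172.8.224 is the packet-tracer destination from the question;
    # the other addresses are constructed to show where the /29 ends.
    for dst in ("10.172.8.224", "10.172.8.231", "10.172.8.232", "10.172.9.1"):
        print(dst, "->", lookup(dst))
```

Destinations in 10.172.8.224 to 10.172.8.231 match the /29 and leave via inside, the same interface the packet tracer reports as both input and output; the rest of the /27 (10.172.8.232 to 10.172.8.255) follows the static route to outside.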