denied due to NAT reverse path failure

born.jason
Level 1

Hi, I have the following situation:

- Cisco ASA 8.3

- Many subinterfaces on the ASA

- Customers using VPN to connect to the sub network

Now I have the problem that one customer needs access to his sub network and one IP in another sub network. Is this possible?

At the moment it looks like the following:

The customer dials in with VPN access and gets an IP from the 192.168.100.0/24 network and has access to 10.10.10.0/24.

This works fine. But now he needs access to the IP 10.10.20.10.

I have added the IP to the existing split tunnel rule, and in the VPN client I saw the route to the IP, but if I try a ping the following message is in the log:


5     Dec 05 2010     13:57:35     305013     192.168.113.100                    Asymmetric NAT rules matched for forward and reverse flows; Connection for  icmp src outside:192.168.100.10 dst inside: 10.10.20.10 (type 8, code 0) denied due to NAT reverse path failure 

Help please

Accepted Solutions

mirober2
Cisco Employee

Hello,

Please take a look at this link, which should help you identify and resolve the problem you're seeing:

https://supportforums.cisco.com/docs/DOC-12569

Hope that helps.

-Mike

Thanks, this showed me the right way. I forgot the NAT exemption for the other network.
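
The fix described in the last reply, sketched as an added example in ASA 8.3 object and twice-NAT syntax (not configuration posted in the thread). The object names are hypothetical, the interface names `inside` and `outside` are taken from the log line, and the first `nat` rule is an assumed form of the exemption that already exists for 10.10.10.0/24.

```cisco
! Added example; object names are hypothetical. Replace "inside" with the
! nameif of the subinterface that actually holds 10.10.20.10 if it differs.

object network OBJ-VPN-POOL
 subnet 192.168.100.0 255.255.255.0
object network OBJ-CUSTOMER-NET
 subnet 10.10.10.0 255.255.255.0
object network OBJ-EXTRA-HOST
 host 10.10.20.10

! Assumed existing exemption: traffic between the customer's own network and
! the VPN pool is left untranslated in both directions.
nat (inside,outside) source static OBJ-CUSTOMER-NET OBJ-CUSTOMER-NET destination static OBJ-VPN-POOL OBJ-VPN-POOL

! Missing exemption for the single extra host. Without it the forward and
! reverse flows for 10.10.20.10 match different NAT rules, which is what
! message 305013 reports. It is scoped to one host, not to 10.10.20.0/24.
nat (inside,outside) source static OBJ-EXTRA-HOST OBJ-EXTRA-HOST destination static OBJ-VPN-POOL OBJ-VPN-POOL

! Verification: confirm the rule is present and that the return flow from
! the host to a VPN client address hits the identity (exempt) rule.
show nat detail
packet-tracer input inside icmp 10.10.20.10 8 0 192.168.100.10 detailed
```

The split tunnel entry and any VPN filter or interface ACL still decide which traffic is permitted; the exemption only keeps translation symmetric for the one host the customer needs.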
