Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1047
Views
0
Helpful
9
Replies

denied due to NAT reverse path failure

benningtonr
Beginner
Beginner

‎10-10-2014 10:15 AM - edited ‎03-11-2019 09:54 PM

I have seen lots about this, but none seen to match my issue.

 

I have an asa5550 with and inside, outside and DMZ network, hanging off the Inside i have an asa 5505 with my dabase network.

I can get to me db net from the inside, and via an outside nat from the outside. But no matter what I do I cannot get to it from the dmz. The db net can access the DMZ for dns and such, but i cannot originate contact from the DMZ.

 

I am getting the following when conecting via the dmz

 

5 Oct 10 2014 13:02:29 305013 x.x.129.1 172.20.0.80 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src web_dmz:x.x.129.1 dst inside:172.20.0.80 (type 8, code 0) denied due to NAT reverse path failure

 

path would be x.x.129.0 net -> 192.168.99.0 net -> 172.20.0.0 net

                                         asa5550                  asa5505

Labels:
0 Helpful
9 Replies 9