Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
0
Helpful
3
Replies

NAT issue ASA 8.2.5

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-25-2018 06:42 AM - edited ‎02-21-2020 07:12 AM

I am facing some NAT issue on old asa 8.2.5. Running configuration is attached in this post. I was run "Packet-tracer" and found following below issue-

 

Phase: 6
Type: NAT
Subtype:
Result: DROP
Config:
nat (INSIDE) 1 0.0.0.0 0.0.0.0
match ip INSIDE any OUTSIDE any
dynamic translation to pool 1 (20.20.40.2 [Interface PAT])
translate_hits = 757, untranslate_hits = 0
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc9654758, priority=1, domain=nat, deny=false
hits=43113, user_data=0xc9654698, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

 

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: OUTSIDE
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Please guide.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Labels:
Preview file
13 KB
0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎01-25-2018 08:30 AM

Hi

Can you tell us what packet-tracer command you ran? I mean source and destination to see what's the issue you're facing.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Francesco Molino

‎01-25-2018 09:47 AM

Actually, I am at remote location and client is booked a ticket with no internet connection. So I was taken a remote session with help of mobile data and checked.
Command:
Packet-tracer input inside icmp 192.168.3.1 0 0 8.8.8.8 detailed
(May some sequences will change in command because I forgot where will be icmp code in this command).

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to Deepak Kumar

‎01-25-2018 11:08 AM

Why are you trying echo-reply 0 ?
If you want to test ping to outside from inside use type8 (echo) and paste the result please?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card