Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2381
Views
0
Helpful
0
Replies

NAT Issue "sp-security-failed Slowpath security checks failed"

Zargham Haider
Level 1
Level 1

‎05-15-2017 04:00 AM - edited ‎03-12-2019 02:21 AM

Hi,

I was working fine with ASA 5510 and configured some servers inside which were visible for outside world. i bought new ASA 5506X FirePower. when i configured it gives this error "sp-security-failed Slowpath security checks failed". 

when i check through Packet tracer....it shows that action is allow when packet has outside destination and it drops when packet has inside destination and it drops by rule. like from inside to outside is allowed but from outside to inside is droped.

NAT rules are configured and Public servers are also configured. with same pattren in ASA 5510 everything working fine but in ASA 5506X it is not working. 

sample configuration of 5506X is :

ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

!!!!

object network Server_ABC
nat (inside,outside) static LAN_xx.xx.xx.76_ABC
object network Server_DEF
nat (inside,outside) static LAN_xx.xx.xx.74_DEF
object network server_GHI
nat (inside,outside) static LAN_xx.xx.xx.77_GHI
object network Server_JKL
nat (inside,outside) static LAN_xx.xx.xx.75_JKL
!
nat (inside,outside) after-auto source dynamic any interface
access-group inbound in interface outside
access-group inside_access_in in interface inside
access-group Winside_access_in in interface Winside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.73 1

please suggest....!!!!!

_________

ZarGham

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card