06-22-2012 09:15 AM - edited 03-11-2019 04:22 PM
Hello everyone,
Could someone help me with this issue:
5 Jun 22 2012 10:07:48 305013 50.96.132.209 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside2:68.153.135.201 dst fwinside:54.92.134.220 (type 8, code 0) denied due to NAT reverse path failure
I keep getting this error on my ASA, considering that I don't even have NAT rules for that source and destination. Do you have any idea what the problem would be?
Thanks
Accepted Solutions
06-22-2012 01:45 PM
Hello Yasaman,
There is definitely a NAT statement causing this issue.
I would have to take a look at the NAT statement in order to solve it.
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
06-25-2012 04:55 AM
Hi Yasaman,
The nat-control is enabled on the firewall; that's why you need a translation to allow the specific traffic.
To work, add a nat-exempt from the source to destination / destination to source.
06-25-2012 06:43 AM
Thank you,
The problem was a dynamic NAT rule. I added a NAT exempt and everything worked fine.
06-25-2012 10:17 AM
Hello Yasaman,
Great to hear that everything worked fine.
Please mark the question as answered so future users can learn from this topic.
Regards,
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
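
To see which interface and address pairs need a NAT review when the 305013 message from the question appears, the denied flows can be tallied from a log export. The Python below is an added example, not part of the original thread; the function names are illustrative, and every sample line except the first (quoted from the question) is constructed.

```python
import re
from collections import Counter

# Body of ASA syslog 305013. TCP/UDP flows carry "/port";
# ICMP flows carry "(type N, code N)" instead.
MSG_305013 = re.compile(
    r"Connection for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))?"
    r" denied due to NAT reverse path failure"
)

def parse_305013(line):
    """Return the flow fields of a 305013 line, or None for any other line."""
    if "305013" not in line:
        return None
    m = MSG_305013.search(line)
    return m.groupdict() if m else None

def flows_to_review(lines):
    """Count denied flows per (src_if, src_ip, dst_if, dst_ip, proto)."""
    counts = Counter()
    for line in lines:
        f = parse_305013(line)
        if f:
            key = (f["src_if"], f["src_ip"], f["dst_if"], f["dst_ip"], f["proto"])
            counts[key] += 1
    return counts

REASON = "Asymmetric NAT rules matched for forward and reverse flows; "
SAMPLE = [
    # Line quoted from the original question.
    "5 Jun 22 2012 10:07:48 305013 50.96.132.209 " + REASON +
    "Connection for icmp src outside2:68.153.135.201 dst fwinside:54.92.134.220"
    " (type 8, code 0) denied due to NAT reverse path failure",
    # Constructed: the same flow denied again two seconds later.
    "5 Jun 22 2012 10:07:50 305013 50.96.132.209 " + REASON +
    "Connection for icmp src outside2:68.153.135.201 dst fwinside:54.92.134.220"
    " (type 8, code 0) denied due to NAT reverse path failure",
    # Constructed: a TCP flow, which carries ports (documentation addresses).
    "5 Jun 22 2012 10:07:51 305013 192.0.2.10 " + REASON +
    "Connection for tcp src outside2:192.0.2.10/51512 dst fwinside:198.51.100.20/443"
    " denied due to NAT reverse path failure",
    # Constructed: an unrelated message that must be ignored.
    "6 Jun 22 2012 10:07:52 302013 192.0.2.10 Built inbound TCP connection",
]

if __name__ == "__main__":
    for flow, n in flows_to_review(SAMPLE).most_common():
        print(n, *flow)
```

Each distinct pair in the output is a flow whose forward and reverse paths hit different NAT rules, which is where to look for the dynamic NAT rule and the missing exemption discussed in the replies.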
