Hi all,
I'm new to ASAs and I have a NATing issue which I'm unable to resolve. I'm trying to allow external access through my ASA to a Web Server.
I've used the Packet Tracer in the ASDM and it's recording the following in the Monitoring log:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src MY-ISP:xx.xx.xx.xx/1065 dst INSIDE:10.10.10.101/443 denied due to NAT reverse path failure
The NAT Rule I have added is as follows:
nat (INSIDE,MY-ISP) source static obj-Web_Server interface service any REMOTE-HTTPS
Where:
object network obj-WEB_Server
 host 10.10.10.101
object service REMOTE-HTTPS
 service tcp source eq https
My ISP Connection is presented as 192.168.1.17. The ISP forwards all ports from their router to mine. I have a 0.0.0.0 0.0.0.0 via 192.168.1.1 for my ISP connection.
From what I have read, it seems I need to add a NoNat ACL somewhere, but with the ASDM, I'm not sure as to where this should be added, and in what form.